I work in a GRC role, so I won't ever really get time to play with this - but really enjoyed reading this, and a little tempted to play with it at home.
I am interested in GRC, can you give me some pointers? I'd really appreciate it. Thanks.
Hi Victor - I'll try a little here and we can find another medium to talk further if needed. So GRC is Governance, Risk, and Compliance - as you probably know.
Governance is mostly about working a ticket queue and responding to requests from the user community and business units - things like requests for users to have local admin rights, be able to visit blocked websites, or for teams to have a secure method for sharing data with external parties during project work - just as a few quick examples.
Risk is cyber risk assessment and management (my favorite part of these roles). Cyber risk management folds into enterprise risk management and is generally one of the very best ways to get senior leadership to pay attention to cybersecurity issues and agree to devote financial and human resources to address them.
Compliance is kinda what it says on the box too - being compliant with whichever local/national/international laws and regulations an organization needs to be in order to carry out its business. Compliance efforts can bleed over a little - or be misnamed - when we work in areas like third party risk management.
Anyway, hopefully that's somewhere close to useful for you.
Thank you Patrick for the response. Do suggest a medium where we could talk further.
Sure. How about we keep it on Substack? In the Notes area you can just do @Patrick Jordan - it will start appearing after Patr I think. You can say more about what you'd like to know and I'll reply, and who knows, maybe it will be useful to some others.
I like adding the Hayabusa .csv to a SQL browser and sorting the rule title matches by least occurrence. Usually find what I'm looking for.
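The workflow in the comment above (Hayabusa CSV into a SQL browser, rule titles stacked from rarest to most common) as an added example; it is not part of the original thread and not Hayabusa's own code. It loads a constructed CSV into an in-memory SQLite database using only Python's standard library and runs the same GROUP BY / ORDER BY that you would type into a SQL browser. The column names follow Hayabusa's standard CSV profile as assumed here, and the sample rows, level names and rule titles are made up for the demonstration.

```python
"""Long-tail stacking of Hayabusa CSV output with SQLite (added example)."""
import csv
import io
import sqlite3

# Constructed sample in the shape of Hayabusa's standard CSV profile.
# Column names are an assumption about that profile; adjust to your output.
SAMPLE_CSV = """\
Timestamp,Computer,Channel,EventID,Level,RuleTitle,Details
2024-03-01 09:00:01 +00:00,WS01,Sec,4624,informational,Logon (Network),"TgtUser: alice, LogonType: 3"
2024-03-01 09:00:05 +00:00,WS01,Sec,4624,informational,Logon (Network),"TgtUser: alice, LogonType: 3"
2024-03-01 09:01:10 +00:00,WS02,Sec,4624,informational,Logon (Network),"TgtUser: bob, LogonType: 3"
2024-03-01 09:02:44 +00:00,WS02,Sec,4624,informational,Logon (Network),"TgtUser: bob, LogonType: 3"
2024-03-01 09:03:19 +00:00,WS03,Sec,4624,informational,Logon (Network),"TgtUser: svc_backup, LogonType: 3"
2024-03-01 09:10:00 +00:00,WS01,Sys,7045,medium,Service Installed,"Svc: UpdaterSvc, Path: C:\\Temp\\u.exe"
2024-03-01 09:10:02 +00:00,WS02,Sys,7045,medium,Service Installed,"Svc: UpdaterSvc, Path: C:\\Temp\\u.exe"
2024-03-01 09:10:03 +00:00,WS03,Sys,7045,medium,Service Installed,"Svc: UpdaterSvc, Path: C:\\Temp\\u.exe"
2024-03-01 09:11:30 +00:00,WS01,Sec,4698,low,Scheduled Task Created,"Task: \\Updater, User: alice"
2024-03-01 09:11:31 +00:00,WS02,Sec,4698,low,Scheduled Task Created,"Task: \\Updater, User: bob"
2024-03-01 09:12:07 +00:00,WS01,PwSh,4104,high,PowerShell Encoded Command,"Cmd: powershell -enc SQBFAFgA..."
2024-03-01 09:12:40 +00:00,WS01,Sec,4656,critical,Mimikatz Detection,"Proc: C:\\Temp\\m.exe, Access: lsass"
"""

# Hayabusa severity names as assumed here, ranked so a threshold can be applied.
LEVEL_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def load_hayabusa_csv(text):
    """Load CSV text into an in-memory SQLite table named `events`.

    Every column is stored as TEXT; the csv module handles quoted Details
    fields that themselves contain commas.
    """
    reader = csv.DictReader(io.StringIO(text))
    cols = reader.fieldnames
    conn = sqlite3.connect(":memory:")
    col_defs = ", ".join('"%s" TEXT' % c for c in cols)
    conn.execute("CREATE TABLE events (%s)" % col_defs)
    placeholders = ", ".join("?" for _ in cols)
    conn.executemany(
        "INSERT INTO events VALUES (%s)" % placeholders,
        (tuple(row[c] for c in cols) for row in reader),
    )
    return conn


def rule_title_stack(conn, min_level=None):
    """Return (RuleTitle, hits) pairs, rarest rule first, ties by title.

    min_level (e.g. "medium") drops rows below that severity before counting,
    which is the usual second step once the informational noise is obvious.
    """
    where, params = "", ()
    if min_level is not None:
        keep = [lvl for lvl, rank in LEVEL_RANK.items()
                if rank >= LEVEL_RANK[min_level]]
        where = "WHERE Level IN (%s)" % ", ".join("?" for _ in keep)
        params = tuple(keep)
    query = """
        SELECT RuleTitle, COUNT(*) AS hits
        FROM events
        %s
        GROUP BY RuleTitle
        ORDER BY hits ASC, RuleTitle ASC
    """ % where
    return conn.execute(query, params).fetchall()


def rarest_events(conn, n=3):
    """Return the full rows behind the n least-frequent rule titles."""
    query = """
        WITH counts AS (
            SELECT RuleTitle, COUNT(*) AS hits FROM events GROUP BY RuleTitle
        )
        SELECT e.Timestamp, e.Computer, e.Level, e.RuleTitle, e.Details
        FROM events e JOIN counts c ON c.RuleTitle = e.RuleTitle
        WHERE c.RuleTitle IN (
            SELECT RuleTitle FROM counts ORDER BY hits ASC, RuleTitle ASC LIMIT ?
        )
        ORDER BY c.hits ASC, e.Timestamp ASC
    """
    return conn.execute(query, (n,)).fetchall()


if __name__ == "__main__":
    db = load_hayabusa_csv(SAMPLE_CSV)
    for title, hits in rule_title_stack(db):
        print("%3d  %s" % (hits, title))
    print("--- rows behind the two rarest rules ---")
    for row in rarest_events(db, 2):
        print(row)
```

With real output, replace `SAMPLE_CSV` with the contents of the Hayabusa CSV file; the same two queries are what you would paste into the SQL browser's query tab, and the ascending sort is the point: the one-off hits that sit at the top are usually where the investigation starts, while the thousands of network logons sink to the bottom.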