HomeCyber BalkansThe importance of integrating governance, risk, and compliance with cybersecurity

The importance of integrating governance, risk, and compliance with cybersecurity

Published on

spot_img

In the realm of cybersecurity and governance, CISOs and their teams are feeling the mounting pressure of protecting organizations while navigating through a maze of regulations and requirements. Insight Enterprises’ Rader highlighted the overwhelming nature of these responsibilities, pointing towards the need for a uniform set of requirements akin to the PCI security standards in the payments industry. He emphasized the potential benefits of hyperscalers collaborating to establish a standard that would streamline compliance efforts across different regions.

Meanwhile, at the University of Phoenix, cybersecurity and GRC are intricately intertwined within the same team, as shared by Larry Schwarberg, the VP of information security. By aligning cybersecurity practices with a GRC framework, the university leverages a consolidated view of NIST 800-171 and ISO 27001 standards to guide its risk management framework. The cybersecurity team collaborates closely with legal, ethics, compliance, data privacy, internal audit, and enterprise risk functions to ensure compliance with regulatory requirements. This collaborative effort helps in evaluating and implementing security controls based on the organization’s risk appetite.

The integration of GRC into the CISO role signifies a broader shift towards a more business-focused and risk-based approach to cybersecurity management. Rader emphasized the need for CISOs to balance technical expertise with business acumen, essentially becoming the ambassador of security within their organizations. As the cybersecurity landscape evolves to encompass broader risks and protections, technical teams and GRC roles must collaborate effectively to create a cohesive program that aligns with organizational goals.

Effective communication plays a crucial role in bridging the gap between technical cybersecurity information and business-related risks. Many CISOs struggle with articulating the business impact of cybersecurity risks to senior leaders, hampering the effectiveness of security initiatives. Leadership buy-in is deemed essential for the success of security and governance measures, with MetricStream’s Sabbineni emphasizing the need for clear governance structures and quantification of cyber risks in monetary terms.

Moreover, leadership support is pivotal in allocating resources towards implementing resilient cybersecurity defenses. Without strong leadership backing, GRC initiatives are likely to falter, underscoring the importance of a collective understanding of cybersecurity responsibilities across various organizational roles. As cybersecurity continues to evolve as a shared responsibility, boards, executives, risk leaders, compliance heads, and general counsel must collectively comprehend and safeguard their organizations against cyber threats.

Source link

Latest articles

CISA Encourages Software Vendors to Establish Vulnerability Disclosure Programs

Emphasis on Coordinated Vulnerability Disclosure: A Crucial Step Towards Enhanced Cybersecurity In a significant move...

UK NCSC Launches AI-Powered Cyber Shield Initiative

The UK's National Cyber Security Centre (NCSC) has officially unveiled Cyber Shield, an ambitious...

Cribl Focuses on TTP-Based Detection Through Acquisition of CardinalOps

Startup Enhances Security Posture Through Strategic Acquisition Cribl Inc. Enhances Security Detection With CardinalOps Acquisition In...

Hackers Combine Stolen Wallet Databases with Keychain Passwords for Offline Crypto Theft

Rising Threat: macOS Malware Combines Stolen Data for Cryptocurrency Theft In a notable development in...

More like this

CISA Encourages Software Vendors to Establish Vulnerability Disclosure Programs

Emphasis on Coordinated Vulnerability Disclosure: A Crucial Step Towards Enhanced Cybersecurity In a significant move...

UK NCSC Launches AI-Powered Cyber Shield Initiative

The UK's National Cyber Security Centre (NCSC) has officially unveiled Cyber Shield, an ambitious...

Cribl Focuses on TTP-Based Detection Through Acquisition of CardinalOps

Startup Enhances Security Posture Through Strategic Acquisition Cribl Inc. Enhances Security Detection With CardinalOps Acquisition In...