GRC (Governance-Risk Management-Compliance) is a term covering an organization’s umbrella management approach across three business domains for achieving business objectives and goals.
♦ Governance and automation
Governance describes a comprehensive business framework that includes responsible management through effective direction and control, with clear strategies, directions, and instructions. Governance spans the other approaches and helps build a business environment that supports business growth.
CyberDef is engaged in governance through its support of governance automation, which builds reliable business process measurement and enables continual monitoring, measurement, and improvement.
♦ Risk management
Risk management is a set of processes through which management identifies, analyzes, and responds to risks in a way appropriate to the business objectives.
CyberDef supports the implementation of the ISO 31000 risk management methodology as a unique risk management standard for all organizations. This way, an organization is able to unify its risk management processes, develop a common understanding of business risks, and define common organizational objectives.
Compliance means conforming to stated requirements defined by different sources: laws and regulations, industry standards and directives, contracts, and even clients' expectations. It involves different strategies, policies, and procedures, which cover the whole life cycle of continual improvement.
CyberDef supports the implementation of management processes related to the Information security management system (ISO 27001), the Business continuity management system (ISO 22301), and other specific industry standards and regulations related to information technology.