Organizations can leverage TrustedAgent GRC to implement, sustain, and accelerate governance, risk management, and compliance (GRC) across their enterprise. This brief describes the elements of an effective GRC process and how TrustedAgent GRC can cost-effectively assist organizations in their implementation.
Building an Effective GRC Process with TrustedAgent GRC
1. InfoSec Learning Center
Building an Effective GRC Process with TrustedAgent GRC
April 10, 2013
Company Sensitive
This document is the property of Trusted Integration, Inc.
It should not be duplicated or distributed to any third-party entity
2. What Keeps CROs up at Night?
Chief Risk Officers (CROs) are responsible for identifying, analyzing, and
mitigating internal and external events that could adversely affect the company.
Are we meeting the mandated regulatory requirements?
What are the financial and business impacts to my organization for
noncompliance?
How do we achieve and sustain ongoing compliance?
What visibility do we have to risks within the organization?
How healthy is the governance or security posture for my organization?
Are we providing the required communication and awareness of the
governance and directions to our employees to keep pace with changing
environments and achieving our business objectives?
What are the gaps in my enterprise and how are they impacting my business
objectives?
Do we have the tools and the talent to manage our compliance needs?
3. Building Blocks for Governance, Risk Management and Compliance
Governance: Define and communicate corporate governance, policies, and standards, including standards unique to the organization. Enhance implementation by leveraging existing governance and standards such as HIPAA/HITECH, ISO, COBIT, SOX, FISMA, DIACAP, FedRAMP, etc.
Risk Management: Conduct enterprise risk management (ERM) to centrally identify, remediate and mitigate risks or noncompliance that may impact the business objectives of the organization.
Compliance: Manage and oversee management and regulatory reporting, continuous monitoring, and change management to standards and policies.
4. Why Do Organizations Utilize GRC?
Better govern and standardize regulatory and information security policies
and procedures across technical, operational, and human assets.
Ensure secure and effective internal information security processes and those
processes established with vendors and business partners.
Standardize and manage deviations in regulatory and organizational security
compliance.
Quantify and better manage security risks, vulnerabilities and their
remediation efforts.
Measure residual risks and impacts, and project outcomes from risk-based
activities.
Monitor and continuously improve the security profile of the enterprise.
5. Governance
6. Risk Management
Identify risk and noncompliance
against governing policies and
standards.
Manage risks identified from
automated and external/internal
manual sources including vulnerability
and configuration assessments, and
internal and third-party regulatory
audits.
Remediate findings using a
comprehensive framework that manages
the activities and responsible assignees
through the life cycle of the findings.
Mitigate recurrences through periodic
implementation and validation of key
controls.
Elevate and improve the organization’s
awareness, compliance and risk posture
over time.
7. Compliance
Manage regulatory and management reporting, including standards-mandated and ad hoc reporting.
Create and maintain governance-specific reports and security authorization packages.
[Diagram: continuous monitoring cycle linking Policies and Plans, Security Plans, and System Authorization with Audits & Assessments, Asset Changes, Regulatory & Standard Changes, and Vulnerability & Configuration Changes.]
Provide single-view access to the data and the metrics governing the organization, with transparency and control.
Leverage a comprehensive framework to maintain continuous monitoring that addresses:
Vulnerability and configuration changes
Asset changes
Periodic audits and assessments
Regulatory changes
8. Governance and Security Standards
NEI, COBIT, ISO, PCI DSS and many more...
9. TrustedAgent GRC Platform
Since 2001, the TrustedAgent GRC platform has been the premier government GRC (gGRC)
solution for government agencies.
gGRC differs from traditional GRC solutions in that gGRC:
1. Handles detail-driven requirements and responses.
2. Manages complex requirements relating to content and format.
3. Is customizable for various organization formats, specific contents and requirements.
4. Supports any number of deliverables including those unique to the organization.
TrustedAgent GRC provides the flexibility and customization to support complex
requirements of government agencies and the required simplicity for commercial entities.
TrustedAgent GRC enables organizations to:
Manage organizational structures, inventory, people, IT assets and relationships through their life
cycles.
Identify, assess, and mitigate risks and vulnerabilities.
Provide oversight with comprehensive dashboard and management reporting.
Monitor and improve ongoing security and risk posture.
Automate alerts and processes for IT security authorization, risk management, and compliance
audits.
Manage regulatory and organizational security requirements, policies, and documentation
templates.
10. Key Benefits of TrustedAgent
Provide an enterprise solution that integrates, standardizes, and enhances the
existing GRC processes of an organization.
Standardize management of security risks, privacy, and regulatory compliance
across the enterprise.
Reduce security risks that lead to customer dissatisfaction, lost revenue,
stock price volatility, and brand damage.
Reduce resources, time, and costs associated with compliance and oversight
processes.
Proactively assess and continuously improve the organization's security posture.
11. About TrustedAgent GRC
TrustedAgent Governance, Risk and Compliance (GRC) provides organizations with a
central technology platform to manage the organization’s security assessment,
authorization, and continuous monitoring for risk and compliance management across the
enterprise using several standards including FedRAMP, ISO 27001, HIPAA/HITECH, PCI
DSS, COBIT, NERC, and FISMA.
TrustedAgent GRC collects and aggregates results from other ancillary tools such as asset
management, configuration management, vulnerability management, and other information
security tools and processes for analysis and understanding of the enterprise risk profile,
conducting compliance and remediation, and management reporting.
TrustedAgent GRC provides a structured, consistent, and time-saving approach to organizing
and implementing GRC processes. It implements and maintains compliance and regulatory
deliverables, accelerates the process of securing authorization and compliance with governing
standards, and sustains ongoing compliance, including change management and continuous
monitoring, to meet the governance challenges of commercial enterprises and government agencies.
12. About Trusted Integration
Since 2001, Trusted Integration has been a leader in providing Governance, Risk and
Compliance management solutions for government and commercial organizations,
specializing in superior-quality, cost-saving information risk management solutions for
federal government compliance (FISMA, DIACAP, and FedRAMP). In addition, Trusted
Integration provides compliance solutions supporting the payment card industry data
security standard (PCI DSS), health care (HIPAA/HITECH), the energy sector (NERC, NEI), and
information technology governance including COBIT and ISO 27001.
For more information, visit us at www.trustedintegration.com.
Trusted Integration, Inc.
525 Wythe Street
Alexandria, VA 22314
(703) 299-9171
solutions@trustedintegration.com