A posting Dark Reading in the Risk Management section:
A growing need for security discipline and the availability of better threat data are changing the old, monolithic Governance, Risk and Compliance concept into a near-term enterprise risk management project, experts say.
GRC, a methodology for building global IT policies, priorities and practices around key risk and compliance factors, has long been viewed as a framework that was too complex and resource-intensive for all but the largest enterprises. But driven by a need to improve security and add some means of measuring risk, many businesses are pushing past these old perceptions and implementing elements of the technology, without necessarily tagging their efforts with the GRC name.
“The market for [GRC] management is growing, as more companies recognize the value in safeguarding their business practices — not just because doing so is good for business, but because it’s necessary for protection against specific economic and market conditions,” says William Jan, vice president and practice leader at research firm Outsell, in the company’s 2013 GRC market assessment.
To read more click here: