02. Introduction to Governance, Risk, and Compliance

This lesson begins by showing how core governance, risk, and compliance (GRC) concepts support the way a successful business might run. For instance, businesses likely want to be:

  • Mission oriented – focused on a particular task or overall goal
  • Shrewd – well-positioned to take advantage of market opportunities and wise enough to avoid mistakes
  • Trustworthy – viewed with trust by customers and business partners

Businesses use traditional GRC concepts to support those goals.

  • Governance – keeping the business mission oriented
  • Risk management – keeping the business from making mistakes while taking advantage of opportunity
  • Compliance – meeting obligations to act in certain ways

Security GRC, however, is less focused on business outcomes and more focused on the security outcomes that support overarching business goals. For instance, Security Governance still aims to keep an organization mission oriented, but specifically as that relates to implementing appropriate security controls. Security Risk Management is still about managing risk, but it targets security-related risk rather than organizational or financial risk. Finally, Security Compliance ensures that organizations are living up to their security obligations. All of the Security GRC functions support the business, but they operate at a more tactical level.

Throughout the course, we’ll examine each of the three components of Security GRC: Governance, Risk, and Compliance. We’ll additionally spend time talking about a fourth critical function of GRC: Audit Management.