
Day 9: Nine o'clock, make GRC fun, tell no one.

GRC: Governance, Risk, and Compliance

Some examples of where GRC applies in the banking sector:

  • Reserve Bank Regulations: In most countries, banks have to adhere to the security regulations set forth by the country's reserve bank. This ensures that each bank meets a minimum security level to protect the funds and information of its customers.
  • SWIFT CSP: Banks use the SWIFT network to communicate with each other and send funds. After a massive bank breach resulted in an $81 million fraudulent SWIFT transfer, SWIFT created the Customer Security Programme (CSP), which sets the security standard banks must meet to connect to the SWIFT network.
  • Data Protection: As banks hold sensitive information about their customers, they have to adhere to the security standards created by their data regulator (in most countries, the reserve bank).

Governance

Governance is the function that creates the framework an organisation uses to make decisions regarding information security. Governance is the creation of an organisation's security strategy, policies, standards, and practices in alignment with the organisation's overall goals. Governance also defines the roles and responsibilities that everyone in the organisation has to play to help ensure these security standards are met.

Risk

Risk is the function that helps to identify, assess, quantify, and mitigate risk to the organisation's IT assets. Risk helps the organisation understand potential threats and vulnerabilities and the impact they could have if a threat actor were to execute or exploit them. By simply turning on a computer, an organisation takes on some level of risk of a cyber attack. The risk function is important to help reduce the overall risk to an acceptable level and to develop contingency plans for the event of a cyber attack in which a risk is realised.

Compliance

Compliance is the function that ensures the organisation adheres to all external legal, regulatory, and industry standards. For example, adhering to the GDPR law or aligning the organisation's security to an industry standard such as NIST or ISO 27001.

This post is licensed under CC BY 4.0 by the author.