GRC Diary


Q2 2017 — sponsored by Lazarus Alliance, Inc. — provides chief information security officers (CISOs) and IT security teams, HR, legal, governance, risk and compliance executives with a quarterly list of noteworthy GRC activity.


Avoiding cyberattacks begins with GRC

Market for governance, risk and compliance solutions is expected to grow by 13 percent over the next 5 years.

Brad Casey

Menlo Park, Calif. – Jun. 30, 2017

Cybersecurity Ventures announces the GRC Diary — a new quarterly in our diary series.

“The 21st century cyber security landscape is dynamic, with new threats emerging daily and profoundly impacting companies of all sizes around the world,” says Michael Peters, CEO at Lazarus Alliance, Inc. “The only way to avoid being hacked is to identify your vulnerabilities before cyber criminals do. The right governance, risk, and compliance (GRC) solutions should systematically identify and eliminate cyber security risks.”

GRC is flush with new compliance and risk challenges, and an abundance of new market entrants and products.

The White House is involved — with efforts to make U.S. government agencies more GRC compliant, and dare we say… to make GRC great again.

All industries in all countries are grappling with an ever more complicated GRC landscape. But, no one ever said that GRC was going to be easy.



Jun. 30.  Officials at both the U.S. SEC and FINRA discuss ways in which different organizations can avoid serious cyber-attacks.  Much of the discussion centers on GRC issues.

Jun. 30.  Social SafeGuard, a leading provider of digital risk management, has announced its new support of Microsoft SharePoint and Skype.  This new support will allow companies that rely heavily on SharePoint and Skype to mitigate risk.

Jun. 30.  The CEO of Clearwater Compliance reports that the C-Suite needs governance, among other things, to have a vibrant security program when securing IT infrastructure within the health industry.

Jun. 29.  Governance, Risk, and Compliance is becoming a fertile market for IT vendors, as buyers are increasingly educating themselves prior to purchasing various products.

Jun. 29.  This CEO discusses the latest ransomware attack that ravaged European IT infrastructure along with the various ways that GRC can assist in the prevention of future attacks.

Jun. 29.  One study finds that most companies agree that cyber-attacks pose a grave risk to their IT infrastructure, and therefore provide security training to employees.  However, most companies do not require their vendors to adhere to the same standards that they abide by.

Jun. 28.  One author encourages investors to be wary of companies that do not take GRC issues seriously.  He opines that many of these same companies open themselves up to significant loss in the event of a cyber-attack.

Jun. 28.  This industry professional discusses the pros and cons of Compliance-As-A-Service.  While CaaS can provide quicker, more efficient solutions, it falls short in some of the more minute details, such as compliance with regulations of other countries.

Jun. 27.  With all of the talk surrounding the possible reworking of NAFTA, some within the security industry say that this is an ideal time to rework some of the GRC issues that went unaddressed in the original agreement.

Jun. 26.  This CIO discusses the role of the CIO as it relates to governance, risk, and compliance.

Jun. 26.  Saviynt and Allgress announce their partnership in their respective efforts at achieving better compliance with such frameworks as DFARS 171, NIST 800-53, and PCI.

Jun. 23.  At the Operational Risk Awards 2017 ceremony, the company that won the award for the best risk/security product was RSA Archer.  RSA Archer also wins an award for their efforts at bringing GRC into the mainstream.

Jun. 23.  Due to the increased regulatory environment within the world of IT, many believe that the Chief Information Security Officer is really the Chief Financial Officer of information security.

Jun. 23.  In the wake of Symantec’s much-publicized certificate issues, Mozilla is set to do legal battle with them as they spar over who will handle Symantec’s Public Key Infrastructure.

Jun. 23.  At the Operational Risk Awards 2017 ceremony, the product that took home the prize for Best GRC Product was IBM’s OpenPages.  OpenPages utilizes IBM’s machine learning technology to come up with smart solutions on its own.

Jun. 21.  Zero Threat, the game created by Eukleia and Preloaded to help end users learn about GRC in a fun and amusing way, has been granted an award.  A Silver award was granted at the 2017 International Serious Play Awards ceremony.

Jun. 20.  A general theme for this year seems to be the growing number of partnerships between companies of diverse backgrounds teaming up to better navigate the GRC field.  Now, NASDAQ’s BWise and KPMG, LLC have teamed up to provide a better GRC solution.

Jun. 20.  In an effort to make GRC great again, President Trump wants a rather large overhaul of some of the more obsolete IT systems within the federal government.  Apparently some systems still utilize floppy disks.

Jun. 19.  To avoid some of the scandals of years past, this author lists 6 of the top GRC certifications that will go a long way toward protecting companies from various risks.

Jun. 14.  Leading cyber risk and compliance company, Edgile, has teamed up with Microsoft Azure and SailPoint to assist companies that are moving increasing amounts of their infrastructure to the cloud.  They will leverage Azure’s secure access along with SailPoint’s identity governance.

Jun. 13.  OXIAL announces their new product, the IT GRC SOLUTION, which provides a comprehensive look at an organization’s GRC posture by combining the various disciplines that go into GRC.


May. 24.  The Executive Chairman of MetricStream discusses the various GRC obstacles that companies have to navigate throughout the world.  He talks about how each industry sometimes has vastly different GRC requirements than other industries.

May. 23.  This security professional discusses the need for better security within the retail industry.  Many of the security deficiencies within the retail industry can be corrected by better adherence to GRC issues.

May. 19.  In a rather fun approach toward GRC training, the folks at Eukleia have teamed up with Preloaded in order to make Zero Threat – a game that trains users in cyber security awareness.

May. 18.  According to SBWire, the enterprise GRC market will grow by approximately 13% between 2017 and 2023.  The bulk of said growth will occur in North America.

May. 17.  Leading cyber security, governance, risk, and compliance (GRC) firm, Lazarus Alliance has formed an alliance with PledgeUp – a platform that assists labor unions with the collection of dues.  This new partnership will help PledgeUp in their drive for better PCI compliance.

May. 17.  A former White House cyber security advisor discusses the latest news regarding risk management.  He points to 6 technology trends that will affect GRC in the future.

May. 15.  In the past, achieving compliance within an organization’s IT infrastructure was simpler than it is today.  Much of this additional complexity has occurred due to the rapid shift of organizational infrastructure to the cloud.

May. 11.  Access Rights Management is an old, yet pervasive problem within the tech industry.  GRC advocates continue to wrestle with who should and should not be given access to various areas of the network.

May. 11.  In an effort to make government agencies more GRC compliant, President Trump signs an executive order that holds the various cabinet secretaries responsible for their respective agency’s IT security.

May. 9.  In an interesting move, Harland Clarke forms an alliance with LockPath, a leading provider of GRC advice.  Together, the two organizations will produce a cloud platform called GRC Spotlight.

May. 9.  To better assist companies with security and GRC issues, Verizon takes an in-depth look at thousands of breaches that have occurred in various enterprise networks.

May. 8.  The Social Security Administration will attempt to improve their GRC posture by once again attempting to implement 2-factor authentication.

May. 4.  The security and risk management firm, Edgile, announces the release of their latest service known as Technology Diagnostics Managed Service.  This new service will assist enterprise leaders in making more informed decisions as these decisions pertain to risk.

May. 2.  This compliance and security professional discusses different indicators that provide insight into whether a company’s GRC posture is adequate.  Among these indicators of inadequacy is the use of spreadsheets to track compliance issues.

May. 1.  This leader within the insurance industry discusses the slow adoption of cyber insurance by many within the tech industry.


Apr. 27.  In alignment with what seems to be an increasing trend between risk management companies and software companies, 3E Company and IsoMetrix are teaming up to offer an integrated GRC solution.

Apr. 25.  In the spirit of GRC, BeCyberSure has announced the launching of what it has deemed the most comprehensive GDPR (General Data Protection Regulation) assessment available.  This new assessment gauges an organization’s total security and compliance posture.

Apr. 19.  According to this cyber security expert, the 3 primary areas of growth within the security industry are cyber risk, cyber insurance and IoT security.  She goes on to give examples of serious cyber breaches that gave way to the need for cyber security.

Apr. 18.  Adopting a culture of acceptance of GRC is more than simply implementing policies.  Deploying effective GRC tools allows for greater adherence to GRC.


Apr. 13.  The CEO of CyberNance discusses the role of GRC in the life span of a company, along with the increased emphasis boards of directors are placing on GRC.

Apr. 7.  The CTO of MarkLogic discusses the necessity of GRC.  He discusses how each letter in the ‘GRC’ acronym stands for something that interrelates with the other.

Apr. 6.  This author discusses the growing need for uniformity of GRC efforts in the Middle East.  Simply utilizing GRC software as a means of checking different boxes is insufficient.

Apr. 5.  Forming another alliance, LockPath has teamed up with SecurityScorecard in order to help organizations manage third-party and vendor risk.

Apr. 5.  One of the market leaders in GRC apps, MetricStream, has announced the release of their M7 platform.  This new platform is supposed to provide organizations real-time intelligence so organizational leaders can make more informed decisions.

Apr. 3.  Some within the tech industry have become overly reliant on GRC tools to ensure their adherence to various regulations.  Some security experts feel that a greater emphasis needs to be placed in areas such as common sense.

Stay tuned for the Q3 2017 edition of the GRC Diary.

Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.

