Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Surveying the GRC landscape

Governance, Risk and Compliance (GRC) Management
Security: Identity Management Alert By Dave Kearns , Network World , 11/07/2007
Kearns
Sign up for this newsletter now!

Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.

Governance, Risk and Compliance (GRC) Management is fast becoming the No. 1 topic of conversation in the enterprise identity field. Among the leaders in the space is San Jose’s Agiliance and I had the opportunity last week to chat with their new Vice President of Marketing, Patrick Kerans. 

<aside> Thanks to Liz Safran for bringing us together. I once called Liz the “punctuality-challenged, but always helpful PR princess,” but she was right on time with this one. And she’s a Red Sox fan. And she’s single, guys. </aside>

Kerans came to Agiliance from Counterpane Internet Security (now BT Counterpane), Bruce Schneier’s well-respected managed security company. He’s no stranger to the world of securing digital assets. And that’s generally how you can describe the GRC space – managing the organization’s digital assets in such a way that business gets done, regulations are complied with, and nothing that should be kept private is revealed.

Kerans was on the phone to let me know about the upcoming release of Agiliance IT-GRC 3.0. Well, “upcoming” at the time, but shipping now. He differentiated Agiliance’s offering from it’s competitors by talking about the new Enterprise Risk Management (ERM) module that enables organizations to model risk scenarios that encompass operational risks as well as traditional financial risks. 

In words only a Marketing VP could utter, he said: “By pulling opinions from multiple stakeholders via Web-based surveys and workshops, across multiple divisions and geographies, and integrated with automated IT risk data from underlying infrastructure, Agiliance IT-GRC 3.0 provides the holistic view and feature set required to implement effective Enterprise Risk Management programs.” That is, the service doesn’t rely on pre-packed data, or “sniffed and analyzed” packets but also actually involves the people who know the organization best to help design the GRC model that, in the end, is implemented.

It’s an interesting approach that requires the involvement of the business side of your organization. It might not be right for everyone, but if it is a good fit for you, then it will be a very good fit.

There’s a whole lot more to the product, of course, much more than we can review here so you’ll have to do that on your own. But it won’t be time wasted.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.

Whitepapers

Advancing the Economics of Networking

Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...

Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices

This paper reviews the problem of creating a network where the dynamic availability of services is...

Enterprise Data Center Network Reference Architecture

Using a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...

Webcasts

PoE Plus: Impact on the PoE Market

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...

Harnessing the power of communications to increase workplace performance

Due to the convergence of IT and telecommunications technologies, the business workplace has been...

Stay out of the headlines: Detecting and preventing network intrusions

How do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...

Special Reports

The Evolution of Network Security

We have so many holes punched in our firewalls today that many industry insiders question the value...

IP address management in 2008 - six things to know

Read this Network World Special Brief to learn how Enterprise IT managers must update their...

The self-managed network

We aren't there yet, but advances in network and systems management tools are making it possible to...