Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Surveying the GRC landscape

Governance, Risk and Compliance (GRC) Management
Security: Identity Management Alert By Dave Kearns , Network World , 11/07/2007
Kearns
Sign up for this newsletter now!

Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Governance, Risk and Compliance (GRC) Management is fast becoming the No. 1 topic of conversation in the enterprise identity field. Among the leaders in the space is San Jose’s Agiliance and I had the opportunity last week to chat with their new Vice President of Marketing, Patrick Kerans. 

<aside> Thanks to Liz Safran for bringing us together. I once called Liz the “punctuality-challenged, but always helpful PR princess,” but she was right on time with this one. And she’s a Red Sox fan. And she’s single, guys. </aside>

Kerans came to Agiliance from Counterpane Internet Security (now BT Counterpane), Bruce Schneier’s well-respected managed security company. He’s no stranger to the world of securing digital assets. And that’s generally how you can describe the GRC space – managing the organization’s digital assets in such a way that business gets done, regulations are complied with, and nothing that should be kept private is revealed.

Kerans was on the phone to let me know about the upcoming release of Agiliance IT-GRC 3.0. Well, “upcoming” at the time, but shipping now. He differentiated Agiliance’s offering from it’s competitors by talking about the new Enterprise Risk Management (ERM) module that enables organizations to model risk scenarios that encompass operational risks as well as traditional financial risks. 

In words only a Marketing VP could utter, he said: “By pulling opinions from multiple stakeholders via Web-based surveys and workshops, across multiple divisions and geographies, and integrated with automated IT risk data from underlying infrastructure, Agiliance IT-GRC 3.0 provides the holistic view and feature set required to implement effective Enterprise Risk Management programs.” That is, the service doesn’t rely on pre-packed data, or “sniffed and analyzed” packets but also actually involves the people who know the organization best to help design the GRC model that, in the end, is implemented.

It’s an interesting approach that requires the involvement of the business side of your organization. It might not be right for everyone, but if it is a good fit for you, then it will be a very good fit.

There’s a whole lot more to the product, of course, much more than we can review here so you’ll have to do that on your own. But it won’t be time wasted.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed