Governance, Risk, Compliance


Continuing the conversation on cybersecurity leaders’ concerns, this post covers governance, risk, and compliance (GRC). Traditionally, GRC falls under a Chief Risk Officer (CRO) within an enterprise risk management (ERM) program. Currently, more and more companies are narrowing that focus to cybersecurity leaders, emphasizing cybersecurity/security GRC. This makes sense because cybersecurity leaders are accountable for cybersecurity risk management not only within their own programs but across the whole company. GRC covers cybersecurity risk across partnerships, contracts, and regulatory compliance, and it is rooted in a wide array of risk assessments with cybersecurity implications. Although cybersecurity governance already addresses much of this, an ERM program integrates more of that governance domain into GRC. Depending on the company, ERM and overall GRC may fall under a cybersecurity leader instead of a CRO.

Anyone can use and modify this public domain document to meet their needs.



As a working cybersecurity professional, every attempt is made to separate professional and personal endeavors in a manner consistent with reducing conflicts of interest and maintaining ethics. Statements contained within this site are the explicit and implicit goals, objectives, endorsements, and educated opinion of the author of this site and not those of current or former employers.


© 2025 James J. Fisher, All Rights Reserved.


This site only uses session cookies for maintaining the state of each page. Users are not tracked, and information is not stored, processed, or analyzed for any other purpose. However, third parties linked to this site may use tracking cookies and techniques outside of the realm of control for this site.