Understanding GRC

DJ Moore

What is the best videos or course to watch to help better understand the world of GRC?

There is not a lot of good information out there that is laid out in a constructive manner on the web. I was hoping ITPro had some good material. I am just not sure where to start watching.

Adam Gordon

DJ,

Good evening, I hope all is well. GRC is a broad topic, as it encompasses Governance, Risk & Compliance activities across the enterprise. It is discussed in any shows (at some level) that address Risk as a topic as noted below:

CISSP (ISC2)
CCSP (ISC2)
CISA (ISACA)
CISM (ISACA)

Having said that, I agree with you that the topic is often covered in a "scatter-shot" manner and is disjointed and hard to follow. The best certification based approach and material would be for CRISC & CGEIT (ISACA), but we currently do not have content in the library for these. You could look at the following NIST documents for a good primer on risk overall and the ISACA COBIT framework for the Governance piece.

NIST Risk Management Framework: https://csrc.nist.gov/Projects/Risk-Management/Risk-Management-Framework-(RMF)-Overview

ISACA COBIT: http://www.isaca.org/COBIT/Pages/default.aspx

Once you have had a chance to digest the info, please feel free to reach out as needed with any questions that you have.

Good luck !!!

Cheers,

Adam