Understanding GRC
What is the best videos or course to watch to help better understand the world of GRC?
There is not a lot of good information out there that is laid out in a constructive manner on the web. I was hoping ITPro had some good material. I am just not sure where to start watching.
D.J. Moore
darrellwmoore@me.com
Do not forget to mark your topic as "solved," if answered.
"The original idea of the web was that it should be a collaborative space where you can communicate through sharing information." --Tim Berners-Lee
DJ,
Good evening, I hope all is well. GRC is a broad topic, as it encompasses Governance, Risk & Compliance activities across the enterprise. It is discussed in any shows (at some level) that address Risk as a topic as noted below:
CISSP (ISC2)
CCSP (ISC2)
CISA (ISACA)
CISM (ISACA)
Having said that, I agree with you that the topic is often covered in a "scatter-shot" manner and is disjointed and hard to follow. The best certification based approach and material would be for CRISC & CGEIT (ISACA), but we currently do not have content in the library for these. You could look at the following NIST documents for a good primer on risk overall and the ISACA COBIT framework for the Governance piece.
NIST Risk Management Framework: https://csrc.nist.gov/Projects/Risk-Management/Risk-Management-Framework-(RMF)-Overview
ISACA COBIT: http://www.isaca.org/COBIT/Pages/default.aspx
Once you have had a chance to digest the info, please feel free to reach out as needed with any questions that you have.
Good luck !!!
Cheers,
Adam
