Compliance for the Masses - Simplified Models
Mission Operations - PCVMR Cycle
Workflow for Analyzing Security Context
Security and Auditing are Multidimensional. Not On...
Circling Back: Repeatable Processes
VMware vCloud Director Segmentation: PCI and HIPAA...
The Circle of Trust - Cloud Audit Assurance
Cloud Security and GRC: Internal Controls
Here are snippets from some of the postings that summarize the model. I will build on this and organize it over time. I have much more detailed information to add to this approach. If you skim through this, take a moment to first learn the simplicity of the PCVMR Cycle, and then learn to picture GRC's application to each of the P-C-V-M-R Cycle processes and each of the hardware and software assets.
Leading off from the previous post, let's delve deeper into the processes that helped provide mission assurance to the crew taking the boat down to operational depth. We spoke of submarines and the mature operational approach that allowed a crew barely out of high school, most with no formal education, not only to function in these demanding environments, but to excel and push themselves and their equipment to the extremes.
"The GRC software space is vast with numerous vendors. In fact, in my market models there are over 400 GRC software providers that span 28 primary categories (with numerous sub-categories) of GRC related software. Nine of these categories encompass components of an enterprise GRC platform (though no vendor does all nine components), 19 of the categories are focused in specific business functions/processes of GRC. Of the 400 vendors, it is under 50 that market and present themselves in the enterprise GRC domain."