IT Security Guru

Gartner Security Summit – Vendors are not offering GRC solutions, despite claiming that they do

by The Gurus
September 8, 2014
in Editor's News

Vendors claim to be offering products and solutions in the governance, risk and compliance (GRC) space, but these rarely fit the analyst specification.
 
According to Paul Proctor, vice president, distinguished analyst and the chief of research for security and risk management at Gartner, plenty of vendors in the space have their preferred technologies, but often those technologies do not fit into what Gartner deems to be the GRC model.
 
Speaking at the Gartner Security and Risk Management summit in London, he said that, in a new approach to insight, Gartner de-emphasised the differentiation of the presence and demonstrability of features and functions, and increased its weighting on implementation and production use of GRC products against specific use cases. This led to a number of vendor technologies being classified as “the posers list”.
 
He said: “I told them to ‘stop saying you do everything when you do not, and stop saying you do GRC when you do not’. You can call your product GRC if you want, but I have given up on the notion of what is and is not GRC.
 
“I am getting closer to giving up on the term, it is a great management and process term and I am a fan of risk-based stuff and decision and compliance about correct mandates. But everyone’s workflows are different, if you want to call it GRC, go for it, but there are specific guidelines for GRC and there may be something different for you to offer.”
 
He said that after Gartner sent out close to 600 surveys and got back 359 at the last count, only half of the 78 vendors it spoke to about GRC had an element of GRC in their product. “Lots of vendors said ‘we are leaders’ but did not produce references. Lots of vendors don’t agree with this as they do not support GRC, but do segregation of duties and enterprise resource planning,” he said. “That is a very specific set of technologies and they call it GRC, and can do it but it doesn’t fit, and we don’t call it GRC.”
 
He said that a number of technologies do not support the Gartner GRC use cases for IT risk management, operational risk management, vendor risk management, audit management, business continuity management, corporate compliance and oversight. He specifically named HP, McAfee, Microsoft, NetIQ, Oracle GRC, Qualys, Symantec and Trustwave in this section.
 
He said: “Some do something and call it GRC, but it doesn’t mark Gartner definitions. Just because we say it is great, doesn’t mean it is right for you.
 
“Many call me and say they do not do good risk management, so what should we buy? Tools automate good process; they do not create good process – everyone who tries to buy a box to solve a problem wastes money!”
 
He concluded by saying that the simple steps for success with GRC are to: build GRC use cases, preparing for no more than ten; prioritise the list and focus on the first three; and build good processes and workflow and match the use cases to tool functions.
