Daniel-Nash1
Newcomer III

Industry emphasis on Risk Management?

Recently I have heard of more and more inquiries as to how Risk Management is being handled and what is being used as far as tools.  This appears to be a current topic of renewed interest.  What have others seen or heard?

4 Replies
Krisboike
Newcomer II

Re: Industry emphasis on Risk Management?

In my organization ($800M revenue), we have not been able to receive funding for a GRC tool. So I have used the Gartner/CEB spreadsheet template and constructed within SharePoint Risk Register and Security Risk Exception repositories and request and approval workflows. Not bad for a poor person's solution. It has passed SOC2, Type II and ISO 27001 External Certification two years now, and HITRUST Certification as well.

Damyen
Newcomer II

Re: Industry emphasis on Risk Management?

I'm in the same boat as you, we have not been able to receive funding for a GRC tool. Where could I get a copy of the Gartner/CEB spreadsheet template?

danyo
Newcomer II

Re: Industry emphasis on Risk Management?

My org has updated to RSA Archer 6.x. As a submitter, I find it pretty easy to use and our information protection team has customized intake questionnaires to expedite the assessment/review process. 

Jazyrn
Reader I

Re: Industry emphasis on Risk Management?

I am relatively new to my organization; it does not appear that we have a culture that is thinking about integrated risk management at this time. I appreciate the insight about the Gartner spreadsheet; perhaps I can use this as an introduction to the need for change towards an integrated risk management approach within the organization.