IT GRC (IT Governance, risk and compliance) is certainly yet to mature. Currently there is a lot of confusion as to what it is all about and what the subcomponents are? But it’s certainly proving to be beneficial to the organizations adapting to it. In addition to identity audit, a unified approach towards GRC increases efficiency, cost effectiveness and poses lesser risk.
IT governance is all about how decisions are made, who makes the decisions and who is to be held accountable; et al. IT risk deals with threats at every stage and in every area of the enterprise. Risk related to identity management- who has access to what, is the biggest question posed before the organization. IT compliance is about adhering to laws and regulations, primarily due to large data security and privacy requirements, like the ones demanded by financial compliance, healthcare compliance, Insurance compliance etc. Traditionally these components were dealt individually. But with IT GRC a holistic approach is gaining in popularity.
Summary: http://www.trailfire.com/roger802/trailview/67671
IT GRC (IT Governance, risk and compliance) is certainly yet to mature. Currently there is a lot of confusion as to what it is all about and what the subcomponents are? But it’s certainly proving to be beneficial to the organizations adapting to it. In addition to identity audit, a unified approach towards GRC increases efficiency, cost effectiveness and poses lesser risk.
IT governance is all about how decisions are made, who makes the decisions and who is to be held accountable; et al. IT risk deals with threats at every stage and in every area of the enterprise. Risk related to identity management- who has access to what, is the biggest question posed before the organization. IT compliance is about adhering to laws and regulations, primarily due to large data security and privacy requirements, like the ones demanded by financial compliance, healthcare compliance, Insurance compliance etc. Traditionally these components were dealt individually. But with IT GRC a holistic approach is gaining in popularity.
Identity thefts and confidentiality of highly sensitive information is the biggest concern facing many organizations today. This is a major concern especially in the areas on financial compliance, healthcare complianceand insurance compliance. Legally identity thefts have gained high recognition and legislatures are trying to draft more stringent rules in this regard. Enterprises are trying to reduce the risk by protecting the information they collect and ensuring that they use least amount of personally identifiable information possible.
Identity access managementgovernance will help organizations reduce risk by controlling identity related information. It will deal to a great extent with identity auditingand management, i.e. how identity access information are used, stored and propagated between their systems. It will help organizations to define policies that will ensure sensitive personal information being shared securely and confidently between various applications in the organization. This will help organizations to keep a tab on who has access to what inside the enterprise.
