NetVision Company Blog

A Discussion on Effective Audit of User Access

Ponemon on the role of GRC

Ponemon released a new study on the role of Governance, Risk Management, and Compliance (GRC) in organizations, and it has some interesting findings:

  • 63% indicated that their GRC effort began in IT (not Legal or Finance)
  • 44% of ongoing GRC activity is in IT
  • 76% characterize privacy as ‘very important’ in IT as opposed to 37% for Finance
  • Top barrier to meeting GRC goals: lack of resources
  • Primary focus area of GRC: risk management (not compliance or governance)
  • Regulation most difficult to comply with: PCI-DSS (arguably one of the more specific of the regulations in terms of requirements)

These data points validate what we’ve been saying to our customers in a number of ways. We focus on managing risk more so than on regulatory response, and we’ve created a solution that is designed to address the ‘lack of resources’ issue. It’s also interesting how IT-centric the overall GRC programs are, based on the responses. Give it a read for yourself and let us know what you think.

© 2009 NetVision Company Blog. All Rights Reserved.
