Putting The Spotlight On Your Information Security (Part 1)

Assurance As A Factor Of Organisational Success.

Many organisations are facing ever increasing levels of complexity and ambiguity in managing their Assurance through Governance, Risk and Compliance (GRC) processes.  These challenges need to be addressed dynamically, and with structure, to deliver stability for both the organisation and its customers. 

By identifying and dealing with the risk factors associated with existing compliance policies, an organisation can pre-empt problems and maintain compliance. Identification of up-coming threats will help an organisation comply with regulations from external and internal mandates at a lower cost than fire-fighting changes that are dictated to them.  Identifying challenges early is key in this process – although until recently this was never easy to manage.

In 2016 96% of organisations used at least one high-risk application (CHECK POINT - 2016 SECURITY REPORT) causing leading organisations to seek ways to reduce the expense and time associated with good Assurance functions – while maintaining best practice and consistent quality.  This can be achieved through shared methodologies, process optimisation and standardised models. 

Organisations can move their Assurance functions to a co-sourced or outsourced model via a Managed Services Provider (MSP) for further efficiencies.

The feature requirements of a modern Assurance platform are:

• The platform will deliver total governance with the organisation’s business framework and objectives. It will provide a detailed reporting solution for the policy management team and a well-conceived decision support mechanism for higher management when needed.
• The platform should deliver continuous risk management across multiple zones within the organisation. Above all it should provide a clear understanding of the risk level that the organisation is facing.
• The platform should provide access to all applicable compliance level requirements and their controls – and the ability to assess common requirements across different compliance regulations.

Creating an effective strategy for Assurance should be based on an assessment of strategic and financial risk and compliance while delivering value protection throughout the organisation.

Selecting the right systems for an effective Assurance process strategy requires some general considerations:

• Cost efficiency - including the total cost of ownership (TCO) across infrastructure, consultancy, training and management.
• Vendor reputation – an organisation should choose its GRC partner carefully and based on experience, longevity and demonstrable capability within the organisations market.
• Product Strategy and Vision – a partner should be able to show their long term strategy and prove that their systems will be able to evolve to fit within the GRC landscape in the medium to long term.
• Simplicity – most up to date GRC platforms will provide an organisation with a clearly defined workflow, strategic management capabilities, pre-defined reporting and mobile ready interfaces for simplified operation.
• Integrated Capabilities – modern GRC platforms will integrate policies, controls, risks, assessments and deficiencies across the organisation.
• Collaborative – modern platforms will also deliver a seamless experience for users across multiple domains and environments, allowing for shared resources and policies.

In 2016 remote admin tools were found in 92% of organisations (CHECK POINT - 2016 SECURITY REPORT),  it's a growing trend that organisations are increasingly leaning towards outsourced Assurance platforms to achieve collaboration across governance, risk and compliance. This approach will improve an organization’s ability to deliver a fully functioning Assurance processes and platform that fits its need and will help it manage the complexities associated with Assurance efficiently.

  - By Martin Collins (Head of Networking and Security)