
I posted a question on compliance a few months ago and got some very good responses. Since then, I've still been thinking about it, and I think I have identified an area where SMBs could be helped with some software:

The problem:

As an SMB, the mainstream GRC apps are too costly and complex for my organization. I simply need small apps like a risk register, an evidence tracker, and a place to create and store 3rd party risk assessments. While a full GRC platform can accomplish this and more, I simply don't "need it all".

You may be asking, "Can't these items be tracked with Excel sheets?" Well, yes, and those work for some organizations; however, Excel sheets are inflexible, not easily automated, and prone to "copies" being saved elsewhere.

The assumptions:

Data breaches are becoming more and more frequent, especially as we're seeing in the healthcare space currently. As this progresses, business partners and/or insurance companies will begin to require assurances of security controls (if they have not already). This is likely to start slow by providing security policies and evidence of compliance.

The majority (but not all!) of people in cybersecurity dislike or avoid the GRC side of the profession. Especially in an SMB setting, the security team/individual is most likely focused on configuration, deployment, and monitoring of security tools and less so on policy and compliance. The security position is usually delegated as a "secondary responsibility" to someone in the organization.

The solution:

Small, purpose-built GRC apps targeting SMBs getting into security. Affordable and available à la carte and without dependency on one another. No talking to salespeople, no meetings. No "request a quote".

Apps like those stated above: Risk register, Evidence tracker, Risk Assessment creator.

Apps that guide you through the process, but also allow for some customization. Reminders when updates or actions are required, encouraging compliance. Easily exportable data to provide as evidence of compliance. Data that is consistently recorded and actionable.

To be fair, I know this is basic functionality in other GRC apps, but the problem I believe needs to be solved is for the smaller businesses that may only need a portion of what is offered in larger apps.

So, that's what I'm thinking. Good idea? Bad idea? Would you buy this? Feel free to roast me in the comments if I'm missing something here.

submitted by /u/dank_hank

