Yanny or Laurel? Integrated Risk Management or GRC?

We have all heard it. In one way or another. The Yanny vs. Laurel sound clip is raging across the internet. Mainstream media has thrown major fuel on the fire. Jimmy Fallon spent considerable time debating it on his show, with Questlove throwing in his own version. Which camp are you in? It is amazing how an audio trick manipulating the pitch of a sound clip can get so much attention. Clever? Yes. Earth shaking? Not really, but a distraction from the normal day-to-day grind. While not as hot a topic (I doubt Ellen or The Today Show will pick up the story), risk management has its own Yanny and Laurel.

The term GRC has been in the industry for over 15 years, and while it has been accepted and grown to represent a core business process in many organizations, it has also built perceptions around the feasibility and applicability of these programs. In some organizations, GRC has taken hold and is an accepted term. In other organizations, though, GRC represents a bureaucratic, complex concept requiring heavy operational processes resulting in little value.

Today, organizations are faced with a much more complex and fast-moving challenge that GRC programs may, or may not, be equipped to address. Many organizations are being overwhelmed by the magnitude, velocity and complexity of existing and emerging risks, struggling to respond to business risks rather than seizing opportunities

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Steve Schlarman.