How do you quantify the risk of being non-compliant? When talking about the "C" in GRC, there is a big C and a little c. The big C is your compliance program; the little "c" is just another risk. Risk quantification can help you assess the little c and its impact on your IRM program.
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by RSA Blog. Read the original post at: https://www.rsa.com/en-us/blog/2020-09/big-c-or-little-c-the-c-in-grc-quantifying-risk-compliance.html