Atlanta, GA (PRWEB) June 04, 2014
Modulo, a leading provider of Technology Governance, Risk and Compliance (GRC) solutions, today shared highlights from a two-part webinar series featuring industry thought leaders Doug Powell and Steve Hunt. Powell, CPP and PSP, is a Security Manager protecting critical infrastructure and working within the Canadian energy and utilities sector. He is also the Council Vice-President at ASIS International. Hunt, CPP and CISSP, is an industry analyst with Hunt Business Intelligence and a strategist spanning the breadth of the security industry: physical, homeland, and cyber security.
Comparing and contrasting a CISO view with an industry analyst view, the debate explored the argument that Enterprise Security Risk Management (ESRM) for complex Critical Infrastructure (CI) requires a new methodology. ESRM needs to converge three common but siloed elements of a CI environment:
1. Physical Security: Assessment methodologies do not include cyber risk.
2. IT Risk Management: Focuses on network-based anomalies only.
3. Operational Technology, such as SCADA or Industrial Control Systems (ICS): Risk management is nearly non-existent.
These key requirements emerged for ESRM in a critical infrastructure environment:
The key debate that emerged was “What is more important: Risk, Compliance or Governance?”
According to Doug Powell, “This is all about GRC with a big ‘C’.”
“By ‘compliance’ I mean more than audits and regulatory frameworks. It is about every policy and standard that supports the organization’s objectives. It is a rules-based approach to security. It is about nurturing a culture of compliance and getting people to do what they are supposed to do every day. Lack of compliance is what will lead to the problems that we experience in our risk management strategy. Therefore risk is an outcome of effective compliance. And a strong governance layer drives the standards.”
Steve Hunt responded, “Ultimately I like ‘governance’ because it’s about making an organization run efficiently, effectively and getting the best policies aligned with how the business actually works and how people actually work. We can’t have 100% compliance. That’s why we have a risk view.”
The common conclusion of the webinar is that there is a need for a unified GRC model to make business run better. The speakers pointed to Modulo Risk Manager as an example of a potential platform for this unified model, in particular where it is being extended into a Command and Control model for the upcoming FIFA World Cup.
Modulo is a leading global enterprise provider of Technology Governance, Risk and Compliance (GRC) management solutions. Modulo’s award-winning Risk Manager™ provides hundreds of organizations worldwide with the tools they need to automate the entire GRC management process to monitor, manage and sustain adherence to policy and regulations while reducing enterprise risk and complexity. Customers span the financial, health care, retail, manufacturing, higher-education, telecom, energy and government sectors and include BASF, BC Hydro, Commercial Bank of Dubai, Microsoft, New York University Medical Center, Synovus Financial, and Schlumberger. Modulo has earned industry recognition as a 2012 Innovator of the Year and “5-Star” product review rating for three consecutive years by SC Magazine.
Visit http://www.modulo.com and follow Modulo on Twitter @Modulo_Intl.