What Happened This Stream? 🚨
We did a review of the GRC space in Cybersecurity and discussed the importance and value of all things Governance, Risk, and Compliance.
A lot was reviewed and discussed, so a Part 2 is now coming!
Website: https://leveleffect.com
Discord: / discord
Twitch: / leveleffect
Newsletter & Blog: https://news.leveleffect.com/
Recorded: Sep 13 2024
00:05 - Cyber Risk
02:00 - Reducing potential harm or loss to three things - CIA
02:50 - When in doubt fall back to English terms if unsure
03:20 - Secrets management is still just Confidentiality
05:00 - CIA constitutes the degree of Cyber Risk
05:30 - The notion of risk and likelihood is entirely relative
06:50 - If we can "Assess the Risk" we can manage it
07:15 - Four ways to work with risk primarily
10:30 - Walkthrough of a Risk Scenario
15:00 - Don't underestimate GRC - the impact is HUGE, can change your business entirely
18:00 - Governance is the policy side of things, your "Security Program"
20:00 - Risk is about the identification and prioritization of threats
20:40 - Compliance can be similar to governance, but is more about external pressure
22:00 - Want a free GRC project to sharpen your skills? Here you go
24:15 - Diving into Governance deeper now with a Security Program
25:00 - No one likes a ton of rules, work with your audience
25:50 - Keep things simpler for the sake of all with Governance
27:00 - When in doubt, start Governance with NIST
29:00 - SOC 1 and 2 are great because of buy-in: made by accountants, easy for others to understand
32:00 - Visuals of NIST
33:00 - Career discussion and Q&A
40:30 - Comparing NIST CSF vs SP towards a scenario
45:35 - Let's focus on Risk now which informs Governance and Compliance needs
45:55 - Risk makes Governance and Compliance relative
48:00 - There are risk frameworks too! NIST, FAIR, ISO
49:25 - Good chance, though, your level of risk is just Excel sheets of business history risk
52:00 - 6 Steps to start with Risk Management
55:00 - This is where Risk informs Governance and Compliance making it relative
57:40 - Best way to get GRC buy-in is involving people, don't be the lecturer
59:50 - Going to have to make a part 2, general Q&A and advice
Video: Getting Started with GRC Governance, Risk, Compliance in Cybersecurity - Part 1, uploaded to the Level Effect channel on 16 September 2024. It has been viewed 851 times and liked by 51 visitors.