Gartner Risk and Compliance Summit
- Monday, May 4, 2009, 15:12
- Threat Research
This year’s theme at the Gartner Risk and Compliance Summit centered on directions and tools to help organizations maximize their Governance, Risk and Compliance programs, no doubt a reflection of the current economic climate.
Especially interesting was that few vendors really had anything innovative or different to offer compared to last year. Some were niche vendors who solve one piece of the puzzle but are trying to expand their offerings, while others were broader GRC vendors that had matured their offerings.
What was clearly apparent is that customers are more than ever bent on consolidating vendors. The idea that you could have one platform to manage both security and compliance, with separation of duties built in, has gained momentum. And controls automation, while a well-worn topic, is also something that customers are becoming much more serious about as part of reducing the cost of audits.
McAfee co-presented a session with Tyco International on leveraging a risk-based approach to sustain compliance efforts, which resonated very well with attendees. Taking a risk-based approach could have helped mitigate some of the most publicized recent data breaches. By running regular automated audits and vulnerability scans and applying countermeasures to reduce residual risk, organizations can focus on the assets most at risk – we call this the 80-20 rule.
Tyco International talked about