IT Governance, Risk, and Compliance

IT Governance, Risk, and Compliance (GRC): A method of analysis based on the Symantec Response Assessment Module (RAM)
1.1    Introduction
1.2    GRC Analysis: a new method based on the Symantec Response Assessment Module
          1.2.1    PHASE 1: Design
          1.2.2    PHASE 2: Build
          1.2.3    PHASE 3: Assess
          1.2.4    PHASE 4: Operate
1.3    Final conclusions

1.1   Introduction

In recent times, companies, organizations, and consulting firms from various sectors have started to address the major issues that underlie IT: governance, risk management, and compliance. Every organization should be able to transform these problems into opportunities to continually improve IT. In practice, everyone realizes that these three issues are related.
The term "IT governance" refers to a part of the wider corporate governance that deals with the management of information technology inside organizations. The main purposes of IT governance are information risk management and the alignment of systems to business objectives, which help to ensure that IT investments can generate value for the company.
To achieve these objectives, the organization should provide an organizational structure with clearly defined roles and responsibilities within a comprehensive framework of documents. The framework should regulate matters including:
o    Management of IT assets (liability and classification of assets);
o    Physical and environmental security;
o    Protection from malicious code and malware in general;
o    Management of business continuity;
o    (continue reading...)

Copyright © 2012 The Security Blog. All rights reserved.