Tag Archives: grc

commissum at Infosec Europe 2011

Another Infosec Europe has come and gone. Once again, commissum had a strong presence; the company’s sixth year of exhibiting at this premier event.

Information Security experts commissum managed to make the even a great success, despite visitor numbers being reported as 15% down on the previous year owing to the timing falling immediately before the Easter and Royal Wedding holiday weekends. We had over 500 visitors to the commissum stand asking for information on the company and arranging follow-up meetings after the show.

The commissum stand this year will have been familiar to regular attendees of the event. Our corporate colour of deep yellow once again stood out with our smartly dressed stand staff in their white shirts and yellow ties. Our credentials as a CREST company and CLAS consultancy provider were once again prominent.

At this year’s show, as usual, members of the commissum team were on hand to discuss our visitors’ requirements, provide advice, and also explain the services we offer. This naturally covered our complete portfolio across security management, penetration testing, consultancy and technology services; however, this year we also put some emphasis on two areas; both attracting strong interest:

Project/software development lifecycle (SDLC) security; and Managing Governance Risk & Compliance (GRC) through true unified governance.

We were supported in the above areas by our partners DB3, who demonstrated the HiScout Unified Governance suite, and Checkmarx, one of the leading innovators in the field of static code security analysis. Both partners received a lot of attention with their industry leading tool suits.

Via EPR Network
More Internet & Online press releases

GRC (Governance, Risk and Compliance) is a recent acronym that has quickly spread among the senior management community around the world

Initially this was sparked by the fallout from a number of major corporate governance scandals, including those affecting Enron, Tyco and WorldCom; all of which led to the enactment of the US Sarbanes-Oxley Act and the concept of a more holistic view of Governance, Risk and Compliance. Interest has also grown rapidly in the UK as legislation and compliance requirements have increased.

Traditionally, most organisations ensure compliance with legislation, regulations and standards by instructing each department to determine the requirements for compliance and specify actions and controls to achieve this. Organisations will therefore have a number of organisational departments for business continuity (possibly aligning with BS25999), for IT security (in many cases aligning with ISO27001), for quality management, etc.

They will certainly have risk management carried out by these various departments, all identifying risks and controls and also individually reporting on these. Managing all of this and pulling it all together into a coherent picture upon which business decisions can be made and priorities can be based in an efficient and effective way is a complex challenge.

commissum’s Principal Assurance Consultant André Coner noted that as the number of legislation, regulatory and compliance requirements increases, the number of departments involved also increases, each defining their own controls and measures. This silo approach causes each department to “re-invent the Wheel”, wasting valuable time and increasing costs while introducing duplication, redundancy and confusion.

commissum’s approach to Unified Governance, Risk management and Compliance creates a common source of information. It creates a common model of the organisation; a unified methodology for managing risk, controlling deficiencies and measurement.

Via EPR Network
More Internet & Online press releases