Cybersecurity GRC

This book chapter explains the theory and practice of cybersecurity GRC in enterprises. The chapter is open source and a work in progress.

Topics covered

Information security definition

This section offers an expansive definition of information security to highlight its place in enterprise cybersecurity GRC.

IT governance

This section introduces IT governance as the highest level/most abstract conceptual framework for operationalizing information security management within organizations.

Compliance frameworks and industry standards

This section covers key cybersecurity compliance frameworks and industry standards, including NIST, GDPR, ISO, SOC, HIPAA, and PCI.

Important cybersecurity regulations

This section sheds light on the main cybersecurity regulations and standards pertinent to information security risk management.

The GRC approach to managing cybersecurity

This section situates GRC within IT governance and presents GRC as a risk management framework.

Ethical AI frameworks, initiatives, and resources

This section presents a literature review of ethical AI frameworks for the design and governance of AI systems, together with a pragmatic framework and approach for the ethical design of AI systems.