Bridging the GRC and security divide with automated security control assessment

Security and GRC are separate functions that share similar priorities. In this case, the shared priority is the requirement to know without doubt what is going on beneath the complex layers of security and IT infrastructure.

Pressed by regulators who proactively request compliance assurance with increasing frequency and granularity, GRC teams turn to:

  • their own tools, which are not designed to provide hard, quantitative evidence of security controls, and
  • security teams, who are seldom any better equipped to produce the required metrics in support of a business's security posture.

This paper examines how these challenges can be addressed by automated security control assessment that eliminates the shortcomings of manual endeavour and enables self-serve capabilities that bridge the divide between GRC and security. 


Key Findings