In response to the headline breaches plaguing organizations across the globe, numerous solutions and recommendations have gained popularity in the fight against cyber-crime. New security appliances, 24x7 network monitoring services and red team assessments are a few of the solutions being discussed among IT leadership and the cybersecurity services community. While each of these plays a crucial role in strengthening an organization's cyber resilience, the investment is often wasted if the appliances are not configured and operated correctly, or if the vulnerabilities that monitoring and assessments uncover are not remediated properly and promptly.

So, the question becomes, how do you manage your security program and ensure that your organization is following the proper processes, policies and procedures? The best way to do this is with an effective, cyber-centric IT Governance, Risk and Compliance (GRC) program.

Unless I’m talking with internal audit leaders, I’m often asked “What is IT GRC?” A closer look quickly reveals that the concepts covered by this acronym encompass topics that keep CIOs and CISOs awake at night -- at organizations of all sizes, in all sectors.

An effective IT GRC program delivers sustainability, consistency, efficiency and transparency through execution in five domains: strategic alignment, value delivery, risk management, resource management and performance management. Each of these domains is vital to the success of an enterprise's IT function; however, in today's cyber threat landscape, it is imperative that an organization's Risk Management Program sufficiently addresses modern cyber risks.

An effective Cyber Risk Management Program is an organization's first line of defense against becoming the next headline breach. An IT audit or security assessment only delivers value if the findings are remediated, and remediation only happens when it is supported by the board and senior management. An effective cyber-centric IT GRC program tracks that remediation to completion and helps prevent the same weaknesses from recurring.

Here are ten questions to consider, which an IT GRC program will help you answer:

While an effective, cyber-centric IT GRC program will not prevent every cyber incident, addressing these ten areas will better position your organization: no longer the "gazelle at the back of the herd," under constant attack from cyber criminals.





Mike is the partner in charge for HORNE Cyber. His primary focus is to enable clients to fully leverage technology innovations by providing the insights critical to safeguarding their business, customers’ critical data and brand reputation. He is responsible for information technology audit, regulatory compliance, information security consulting, internal control consulting and business solution implementation.
