GRC is not about Risk or Compliance
In my earlier post, “Security is Not the Point,” I explained why to most people security is an annoying layer of cost and inconvenience. I said that no one wants security, they want the benefits of security. But if security is not the point, what is?
The last time you had to do some tedious paperwork, you were no doubt muttering under your breath that you’d rather be doing the actual project and not filling out forms and writing a report. We are all like that. Documenting tasks and processes is not fun.
Compliance is like that, too. It is considered the necessary evil, the tedious paperwork required by “the powers-that-be” to meet some basic level of due care. Compliance requirements define the “minimums” for demonstrating that the business is being run responsibly.
However, compliance has a more attractive cousin. Read more HERE.