GRC Tools – the integration effort

The integration effort debate! Summary: For those of you that can't read the entire post, the question here is how much time it will take you to produce, upload and update the information associated with ISO 27001 Risk Management or PCI-DSS. In every case, the time you spent uploading or updating data to eramba is…


Security Controls Catalogue – Isn’t it time to learn from ITIL?

I believe a great concept was introduced by ITIL with the definition of “Portfolios” or “Catalogues”. The idea is quite simple and of great use: define your services, spend some time thinking about what they cost, what they, for whom, how you measure their efficacy and, if you are brave enough, their efficiency. Having this information…


Data Flow Analysis – To the point Risk Analysis?

Data flow analysis is perhaps a new(?) method for analysing, right to the point, the most important data assets. Just so we are all on the same page, we refer here to “Data assets” as end-assets… like Napoleon used to say, one example clarifies everything: Financial Data, Credit Card Number, Medical Files, Personal Information, Source…
