This book addresses the increasing challenges faced by Cyber Governance, Risk, and Compliance (GRC) professionals, both "Auditors and Auditees," in establishing and maintaining a robust digital security posture. It highlights the necessity of a structured approach to managing organizational digital systems security, emphasizing the critical aspects of Risk, Threat, and Vulnerability management. The text acknowledges the difficulties associated with auditing and managing multiple global Information Security standards, guidelines, and compliance requirements through traditional methods.
The book advocates for the adoption of a "Unified and Integrated" audit framework, proposing a "Managed GRC as a Service" model for security governance. It presents a practical GRC implementation and audit approach designed to benefit both experienced GRC professionals and those new to the field, offering actionable strategies for enhancing cybersecurity and compliance efforts.
About the Authors
Santosh Desaiis an Industry Veteran with over 35 years of experience in technology, consulting, and outsourcing services. He possesses extensive domain expertise in providing cyber risk advisory, data centre consulting, and security operation centre services. https://www.linkedin.com/in/santosh-desai-16a85a/
Gauri Sapleis a CISA, AIMS, ISO certified professional, with over 12 years of experience in implementing integrated GRC frameworks across IT-OT and next Gen-AI platforms. https://www.linkedin.com/in/gaurisaple/
