Governance Risk & Compliance (GRC)

Every organizational business function and process is governed in some way to meet objectives. Each of these objectives has risks, as well as controls that increase the likelihood of success (or minimize the impact of failure). These are the fundamental concepts of GRC. To maximize business performance, GRC programs are designed to help companies avoid major disasters and minimize the impact when avoidance is unlikely.

Latest Research

  • For Security & Risk Professionals

    REPORT: Avoid Corporate Scandal Caused By The Surveillance Economy

    A Guide For CISOs To Stop Unethical Surveillance Tactics Before They Start

    April 12, 2019 Jeff Pollard, Claire O'Malley

    Welcome to the era of widespread personal surveillance. Organizations have joined the government in collecting, analyzing, and storing oceans of personal data. The private sector is fully engaged in economically endorsed spying that is enabled by tech, encouraged by unscrupulous advertisers, and made difficult for customers to escape. In this report, we help security and risk leaders guide their firms to compete ethically against those using surveillance to discriminate, manipulate emotions, and modify behavior.

  • For Security & Risk Professionals

    REPORT: Harden Your Human Firewall

    Engagement And Communication Tactics That Strengthen Security Culture

    March 25, 2019 Jinan Budge, Claire O'Malley

    Building a strong security culture is no easy task. It requires strategy, vision, people, and the right attitude to change behavior and set a cultural shift in motion. This report highlights some of the best communication and engagement methods that security leaders have used to instill a culture of security among executives, business and technology leaders, employees, and customers. CISOs can use this catalog of methods to move beyond online training courses and more effectively engage the hearts and minds of their key constituents. This is an update of a previously published report; Forrester reviews and updates it periodically to ensure continued relevance and accuracy. This version was updated to include strategies and tactics that CISOs and their teams can use to educate and train stakeholder groups.

  • For Security & Risk Professionals

    REPORT: Top Recommendations For Your Security Program, 2019

    Landscape: The S&R Practice Playbook

    March 25, 2019 Paul McKay, Jeff Pollard, Jinan Budge, Joseph Blankenship, Andras Cser, Merritt Maxim, Amy DeMartine, Claire O'Malley

    Each year, Forrester outlines the most important recommendations for your security strategy for the coming 12 months. We base these recommendations on thousands of client inquiries and interactions, consulting engagements, and dozens of primary research interviews with chief information security officers (CISOs), security vendors, and major security consultancies and service providers. CISOs: Leverage this report to guide your security program strategy and prioritize changes to security architecture and operations for the coming year.

  • For Infrastructure & Operations Professionals

    REPORT: Design For Dependability By Embracing A Future Of Trusted Technology

    Reliable Services Are Critical For A Secure, Always-On Economy

    February 25, 2019 Naveen Chhabra

    As the world evolves into a connected web of services that weave devices, users, and data in a seamless user experience, the megacloud providers have set expectations — for always-on capabilities, limitless capacity, and resilience in the face of occasional lapses in availability — that developers and infrastructure and operations (I&O) pros must now meet. These expectations for continually available services require new ways of thinking about and delivering user experiences. This report outlines the practices I&O pros need as they embrace dependability, over and above mere availability, in delivering services.

  • For eBusiness & Channel Strategy Professionals

    REPORT: Accelerate Startup Onboarding With A Risk-Tolerant Approach

    Balance Innovation And Risk When Working With Emerging Vendors

    February 20, 2019 Oliwia Berdak, Duncan Jones

    Digital leaders keen to access cutting-edge technologies are betting on startups. But traditional, risk-averse supplier management models often prevent them from working with promising emerging vendors. This report will help digital business and procurement professionals work together to balance innovation and risk when working with startups.

View all research

Analysts Who Cover Governance Risk & Compliance (GRC)

View all related analysts

Charts & Figures

View All

Related Topics