With the vast array of vendors claiming to have IT governance, risk, and compliance (IT GRC) products, the true definition of IT GRC has gotten lost, and security professionals are left confused and uncertain. In an effort to institute clarity, Forrester has defined the interconnected IT GRC life cycles using standards-based frameworks. Vendors that provide products to automate and integrate the functions of these life cycles are considered to be IT GRC vendors, while others are simply exploiting the well-deserved interest and attention in IT GRC to dress up their security products in new clothing.