IT Governance, Risk, and Compliance: A method of analysis based on the Symantec Response Assessment Module (RAM)
Part I of this blog series introduced the concepts of IT governance, risk, and compliance (GRC). To quote:
“In recent times, companies, organizations, and consulting firms from various sectors have started to address the great issues that lie at the base of IT. These issues are governance, risk management, and compliance. Every organization should be able to transform these problems into opportunities to continually improve IT. In practice, everyone realizes that these three issues are related.”
Here I will continue to expand on GRC issues by touching on phases 1.2.1: Design and 1.2.2: Build.
1.2.1 Phase 1: Design
In the Design phase, datacenter security analysis begins and a...