GRC

The Governance, Risk and Compliance (GRC) challenge is exacerbated by a changing landscape. Comsec Consulting has developed an innovative and unique Enterprise Risk Management (ERM) methodology that creates value. We focus on the opportunities or risks that an enterprise can take to create value.

GRC

The Challenge 
The unrelenting move towards risk management, global accounting, audit and corporate governance standards create major issues and opportunities. The Governance, Risk and Compliance (GRC) challenge is exacerbated by a changing landscape which includes advancements in cloud technologies, virtualization, data loss software-as-a-service, remote access and increasing mobility. 


Our Approach
Comsec has developed an approach to GRC that enables: 
• Better business performance - Reduced loss (from negative events) & increased reward (opportunities that otherwise go unseen)
• Increased efficiency and profitability
• Effective decision making - risk management is an inherent part of the decision-making processes 
• Less risks - fewer surprises

GRC Security Services
To match the changing regulatory, technology and business environment, Comsec Consulting has developed an innovative and unique Enterprise Risk Management (ERM) methodology that creates value. We focus on the opportunities or risks that an enterprise can take to create value.

IT Risk
• Risk Management
• Risk Assessments
• Regulatory Compliance
• Risk and Vulnerabilities Assessment

IT Governance and Compliance
• IT and IS Policies and Procedures
• IT Risk Strategy
• Information Security Strategy
• Risk Assessment Methodology
• Information Security Campaigns and Awareness Program 
• Information Security Training

Business Continuity Management (BCM)
• Disaster Recovery (DRP)
• Business Impact Analysis (BIA)
• Business Continuity Planning (BCP)
• Simulation and Training using ComSimulator 

ISO Compliance
• 27001
• 27799

Operational Risk Management
Internal Audit
Fraud and Embezzlement Prevention

Intelligent Access Governance
Today's fast-paced business environment requires employees to have access to information, whenever and wherever they need it. This leads to a constant struggle between enabling mobility and maintaining access controls. As more than 80% of the organisational data is unstructured, most data resides within file-servers, NAS devices, portals and mailboxes. The challenge is to manage and protect this vast data across an enterprise's unstructured data stores. In order to ensure proper governance, organisations need to be able to answer the following questions:

Do you know who needs access and to which systems?
Understanding who needs access and to what is a key factor in your overall access security.

Do you know who is doing what in your systems?
Do you have the capabilities to continually monitor your users’ actions and behaviour.

Can you demonstrate process robustness to your auditors?
In a diverse environment, demonstrating an overall sight is a challenge which cannot always be answered only with technology.

Combining pioneering Intelligent Access Governance technology with experienced information security consulting to deliver security, management and compliance of business critical applications. Our unique approach brings our clients the most advanced solution to identity and access governance. 


GRC Services Framework

Training and Awareness ProgramsWe provide training courses in corporate governance, risk management and compliance, including:
• Understand how to assess risk management & and how to implement ERM
• Learn how to stimulate improvement at any stage
• Assess and  prioritize risks to determine the contribution to the aggregate risk profile
• Discover how to raise awareness and embed risk management thinking and practice
• Balance both threats and opportunities to maximize value to the business
• Apply your ERM Process to a proactive role for internal audit
• Review continual measurement and monitoring risk environment and evaluate the performance of the risk management strategies
• Gain insights into current best practice in risk management
• Treat and exploit risks including the development of strategies for controlling and exploiting the various risks

GRC Identity Governance