Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance
Keywords: ISO/IEC 27001:2013, GRC, ISMS, Risk Management, IT Governance
Abstract
In organisations, Governance, Risk and Compliance (GRC) are among the basic and strongest pillars; they work together to assure that the organisation meets its objectives through effective use of the available people, processes and technology. Sustaining an information security GRC programme is a challenging task for most enterprises, given evolving governance needs, a changing risk environment and multiple compliance requirements. ISO/IEC 27001:2013 encompasses all the goals of GRC within its Information Security Management System (ISMS) framework, through which an effective GRC framework can be established and maintained. In this research paper, the researcher establishes the relationship between ISO/IEC 27001:2013 and GRC while discussing the standard alongside the GRC objectives.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.