Latest News and Resources

Latest Resources to the GRC Community
Written by Robin Basham
Thursday, 01 December 2011 00:00
Enterprise Architecture and Compliance News - RegWatch and Latest News

Mobile Security Technical Conference

Thursday Nov 15th 2012

8:30 am PST till 4:30 PM PST

Biltmore Hotel @ 2151 Laurelwood Road  Santa Clara, CA 95054


Registration: Early Bird Registration (ends Nov 5th, 2012)
Members: $100, Non-members $125, Students $75

Regular Registration (from Nov 6th, 2012)
Members: $125, Non-members $150, Students $100

Please join us on Nov 15th for the one-day Mobile Security Technical Conference. Learn from industry leaders' experiences and help create a secure mobile working environment for your organization.

Session Schedule | Session Topics | Speakers
8:00 AM – 8:30 AM | Registration |
8:30 AM – 9:30 AM | Risk Assessment for Mobile Devices and Applications | Kartik Trivedi, Co-Founder at Symosis
9:30 AM – 9:45 AM | Break |
9:45 AM – 10:45 AM | MDM Solutions: Business and Technical Considerations | Bryan Wise, Director of IT at Coherent
10:45 AM – 11:00 AM | Break |
11:00 AM – 12:00 PM | Mobile Security Innovation: BYOS (Bring Your Own Security) | Ben Ayed, Founder - CEO at Secure Access Technologies
12:00 PM – 1:00 PM | Break |
1:00 PM – 2:00 PM | Mobile Commerce Security | Selim Aissi, Chief Security Architect at Visa
2:00 PM – 2:15 PM | Break |
2:15 PM – 3:15 PM | Lessons Learned: 2 Years into Mobile Security | Mark Mellis, Associate Information Security Officer at Stanford University
3:15 PM – 3:30 PM | Break |
3:30 PM – 4:30 PM | Panel Discussion: Risk Management in Mobile Society |

For details please contact [e-mail address protected] or call (650) 762-9478.

 


Announcement for FedRAMP

As of 9am on Wednesday, June 6th, 2012, the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) achieved Initial Operating Capability. As a part of IOC, the FedRAMP PMO is now accepting applications for provisional authorization of cloud systems. The application is currently housed on fedramp.gov and can be accessed via the following URL: http://www.gsa.gov/portal/content/125991

FedRAMP's communication encourages all cloud service providers and agencies with cloud services to apply for FedRAMP accreditation. All cloud service offerings used by the federal government are now required to meet the FedRAMP requirements. Should you have any questions or concerns, please don't hesitate to contact the FedRAMP PMO directly ([e-mail address protected]).


 

http://thegrcbluebook.com The GRC Blue Book is the world's largest database of risk and compliance applications. TheGRCBlueBook is the "Angie's List" of GRC vendor applications.  Let's support our well respected colleague James Bone, who's done the homework for us but we must write the reviews!

James Bone President,

Global Compliance Associates, LLC
Risk Luminosity Seminars, LLC
TheGRCBlueBook, LLC
www.globalcomplianceassociates.com
www.riskluminosityseminars.com
www.thegrcbluebook.com

(Reminder to self, get listed in the BlueBook!)

http://www.informaglobalevents.com/event/Risk-Minds-Usa-Conference

  • June 4th - 8th in Boston, MA at Hyatt Regency Boston
  • Risk Minds USA: North America's Leading Risk Management Event With 300+ Delegates
  • TheGRCBlueBook is a media sponsor for this event.

http://www.complianceonline.com/ecommerce/control/seminar?product_id=80026SEM

  • June 18th - 20th in San Francisco, CA at the Grand Hyatt
  • "Thriving on Risk – Risk Management for 21st Century"
  • Sponsored by ComplianceOnline and Produced by Risk Luminosity Seminars
  • Keynote Speaker: Dr. Sam Savage, author of "The Flaw of Averages", Stanford University
  • Mention Risk Luminosity Seminars to receive discounts for this conference!

If you are interested in what is going on in DC regarding cyber security legislation, here are two easy ways to check in:

National Public Radio’s “Morning Edition” is airing about a 5-minute segment on the cyber bill on Tuesday, May 8th that will probably air at either 20 past the hour or 40 past the hour, depending on when you receive the show in your area.  I was interviewed for the story.

I also recently sat for an extensive interview with Richard Schlesinger, correspondent for CBS Evening News and EMC, addressing the cyber bills in Congress and how and why regulation will not effectively address our cyber security problems.  That interview is available on the EMC website, just click on the link below.

http://www.emc.com/emc-plus/index.htm

Listen on playback.  Conversation was outstanding!

Cloud Security Summit
Live on May 23-24 and afterward on demand

The main concern preventing organizations from fully adopting cloud-based solutions is doubt about security. Join this two-day Cloud Security Summit to connect with industry thought leaders as they focus on top-of-mind topics for securing the cloud and aligning it with your business.

Global summit lineup includes:

Understanding Cloud Security: Finding the Boundaries
Neira Jones, Head of Payment Security, Barclaycard

Turn Any Cloud into a Trusted and Compliant Environment
Ryan Holland, Solution Architect, AWS & Imam Sheikh, Sr. Product Manager – Cloud and Compliance, SafeNet

Securing the Cloud with SIEM
Marc Blackmer, Senior Product Marketing Manager, Solutions at HP Enterprise Security

View the full program and register to attend here

This week's featured panel: The State of IT Security and GRC in 2012

Live today May 1st at 5 p.m. BST / 1 p.m. EDT / 10 a.m. PDT and afterward on demand

Bringing together the top minds in the industry, The State of IT Security and GRC panel will focus on the challenges and opportunities that make 2012 unique.

Join Ron Ross, Computer Scientist, NIST Fellow; Dr. Anton Chuvakin, Research Director, Gartner; Andrea Hoy, Director, ISSA International; Dr. Said Tabet, Chair of GRC-XML Project, OCEG, as they discuss the technologies and challenges that will define 2012 and beyond.


Ron Ross, Andrea Hoy, Said Tabet and Anton Chuvakin


Sponsors of the Cloud Security Summit:

In association with:

The Virtualization & Cloud Computing Group

Association of Information Technology Professionals

About BrightTALK
BrightTALK provides webinars and videos for professionals and their communities. Every day thousands of thought leaders are actively sharing their insights, their ideas and their most up-to-date knowledge with professionals all over the globe through the webinar and video technologies that BrightTALK has created.


For more information, please visit us at www.brighttalk.com, BrightTALK™, 501 Folsom Street, 2nd Floor, San Francisco, CA 94105


 

AuditNet.org

AuditNet® has developed an Audit Utilization of Technology Optimization Scale (AUTOS) to measure the maturity level of the use of audit technology by auditors. How would you rate your department on the use of audit technology?

Here are some of the key findings from other surveys on technology and internal audit:

According to a recent survey by the Institute of Internal Auditors data mining and analytics are one of the top five skills sought for new internal auditors.

The 2012 Internal Audit Capabilities and Needs Survey by Protiviti reported that CAATs, continuous auditing and continuous monitoring are skills areas that auditors need to improve as the profession moves toward these approaches and techniques.

According to the 2011 TeamMate User Survey it is imperative that all auditors understand the technology tools available and use them on all audits.

The options available to CAEs include hiring auditors with the technology skills to jump-start implementation of technology initiatives, which helps shorten the learning curve. Additionally, providing staff with training for audit technology tools is a must.

According to the Grant Thornton 2012 CAE Survey … most CAEs seem to recognize that their departments can better harness the power of technology. Half of respondents acknowledged their organizations do not effectively use  governance, risk and compliance (GRC)-specific technology. Data analytics and continuous auditing technologies are gaining wider acceptance, however. Still, given the power of today’s technology tools, internal audit can do more.

Also here is the link to the AuditNet® survey which will shed light on how auditors are using technology and how far they have to go to achieve the highest level of maturity.

2012 State of Technology Use by Auditors Survey http://svy.mk/JfsCMC

Also if you are looking for CPE then check out http://www.auditnet.org/ATI_ACLSO.htm

If you are an ISACA member then send an email to [e-mail address protected] for special discounted pricing!

 


Visit the SANS TOP 20 Security Issues Poster


Working Effectively In Geographically Distributed Agile Project Teams

Geographically distributed agile is not an oxymoron. And, it sure isn’t easy.  Each organization has its own unique culture, so you’ll have to find what works best for you.  You need to start with the agile principles and values to derive your approach to distributed agile.

The good news is: You don’t have to do this alone!

Let Shane Hastie and Johanna Rothman guide you with the help of their two-day experiential workshop, Working Effectively In Geographically Distributed Agile Project Teams, April 17-18, 2012. In the workshop, you will learn which kind of geographically distributed team you have, whether you are working on a project or a program, and which approaches might work best. You’ll experience planning and implementation on a distributed project, and we’ll examine how being human affects us all.

We’ll practice with iterations and kanban and see which—or both—might work best for you.

Come armed with your questions; we’ll make sure that we address the problems in the room. Want more information or to join us? See more or sign up here: http://www.jrothman.com/2012/01/working-effectively-in-geographically-distributed-agile-project-teams/

 


 

In case you missed Eva Maler and Symplified on Zero Trust Identity: it was, hands DOWN, the best hour on identity this year!

To see the video broadcast click here and register for the playback.  You won't be cookied or profiled, and you'll love what you hear.

EnterpriseGRC Solutions consistently applauds Symplified's commitment to education in identity. Forrester provides the speaker, Eva Maler, who is a gem.


Got an issue or GRC event you want to promote?  Talk2me.  Chat back. Send me a tweet.




Announcing extended special offers for ITIL Expert Brochure

Participants in ITIL Expert Still receiving a free IPad!

ITIL Expert on IPAD2

Have you been looking for the Perils of Mount Must Read?  It's going to be released again, except with a whole new spin for Virtualized business.  Get a copy while it lasts.  Perils of Mount Must Read, circa 2006, soon to be renewed for 2012


Cloud Computing & Virtualization

How would you like a free iPad2?  Learn more about the CompTIA Cloud Essentials Examination or sign up to take the ITIL Expert program and you could get an iPad2 for free.

ITpreneurs Announces the Next Evolution in ITIL Training- (EnterpriseGRC Solutions is an Implementation Partner)

ITIL v3 Courses Updated to ITIL 2011 ROTTERDAM, THE NETHERLANDS (Marketwire - Dec 1, 2011) - ITpreneurs is implementing the next phase in the ITIL training evolution, announcing that ITIL v3 courses are being updated to ITIL 2011. The ITIL 2011 update will allow ITpreneurs' global strategic partners to access the most current and relevant ITIL materials for IT professional training.

ITIL 2011 is not a new version of ITIL, but a major upgrade of the existing ITIL v3 material. While the basic ITIL training framework remains the same, enhancements will ensure clear and concise concepts, resolve inconsistencies in text and diagrams, address suggestions from trainers for simplicity and improve publication materials.

"It is our priority to continue creating the best and most up-to-date training materials," said Sukhbir Jasuja, CEO, ITpreneurs. "With these updates, our partners now have immediate access to the highest quality ITIL competence training, eliminating the time and expense of them ...  ITpreneurs has already released a number of courses in its ITIL portfolio with the 2011 updates: ITIL Foundation, Operational Support and Analysis (OSA) module of the Service Capability stream and Service Operation (SO) of the Service Lifecycle stream. Additionally, the First Aid Kit and Quick Reference Card have been updated to reflect the ITIL 2011 update. Nine additional courses, the balance of the ITIL portfolio, will be updated in English by the end of December. To accommodate the global audience, portions of the ITIL portfolio are available in 11 languages, and will also incorporate the ITIL 2011 update.

Learn more at www.ITpreneurs.com.


The Holistic Information Security Practitioner Institute (HISPI) now welcomes EnterpriseGRC Solutions as member of their HISP Certification Board/Committee.  We are in the initial stages of establishing how we can best offer support to this very worthwhile organization.

EnterpriseGRC Solutions is an active member of Cloud Credential Council, an ITGI ISACA Sponsor and board member to multiple standards organizations both currently and across the last decade. The goal of our participation is to extend awareness of best practices in security and to make the examination process more accessible to learners from all age, gender and cultural backgrounds.  We believe the purpose of these certifications must go beyond the stacking of credentials on an elite and socially homogeneous stack of resumes.  The application of security and technology principles must reach into ethical and social behaviors, driving legal, organization and educational objectives in all countries and governments.

EnterpriseGRC Solutions is committed to a facilitated learning approach, where content is able to adapt to a broader range of learning styles.  Classic book knowledge is not enough to apply the important knowledge that is transferred by the body of information covered by such examinations as the CSA Certificate of Cloud Security Knowledge (CCSK), or the Holistic Information Security Practitioner Certification (HISP).  We want to see more women and more diversity in general among the persons who pass and contribute to these important exams.  It is also critical that people with less background in security be able to master concepts of Green Technology, the foundations of Cloud through CompTIA Cloud Essentials, and the foundations of virtualization through ITpreneurs Virtualization Essentials.

The Holistic Information Security Practitioner (HISP) Institute (HISPI) is an independent certification organization consisting of volunteers that are true information security practitioners, such as Chief Information Security Officers (CISOs), Information Security Officers (ISOs), Information Security Managers, Directors of Information Security, Security Analysts, Security Engineers and Technology Risk Managers from major corporations and organizations.

More About HISPI - HISPI promotes a holistic approach to information security program management by providing certification opportunities in information security, information assurance and governance.

HISPI focuses on international standards, best practices, and comprehensive frameworks for developing robust and effective information security programs.

The objectives of HISPI include:

  • To bridge the current gap between existing professional certification programs by proactively promoting the need to develop comprehensive and holistic information security programs amongst information security, audit and compliance professionals representing various sectors internationally.
  • To promote cost-effective training and certification to information security, audit and compliance professionals, particularly Public Sector and Higher Education employees, where budget constraints can be a barrier to obtaining such quality training and certification.
  • To provide a vendor neutral forum that will facilitate the sharing of knowledge, ideas and other positive initiatives for enhancing the current state of information security in various sectors internationally.
  • To research and develop an integrated system for widely accepted best practice frameworks that are applicable to Information Security such as ISO/IEC 27002, ISO/IEC 27001, COBIT, COSO, ISO/IEC 20000 (ITIL), NIST Guidelines, FIPS 200 (NIST 800-53).
  • To foster collaborative efforts across various sectors internationally, particularly government, law enforcement and commercial sector.
  • To foster a positive code of ethics amongst information security, audit and compliance professionals.
  • To reduce the cost of meeting legal, regulatory and contractual requirements pertaining to information security, across various sectors internationally.
  • In addition to the existing partnership with British Standards Institute (BSI) Americas, to also partner and collaborate with other reputable organizations.



Here's a holiday present that will never cease giving: read "Legacy Letters" or visit http://www.LegacyLetter.org


Knowledge is only as valuable as the audience that gains understanding…  Everything here is (for now) registration, cookie and advertisement free.

A free training for Cloud and Virtualization aims to encourage further study and achieving CompTIA Cloud Essentials and ITpreneurs Virtualization Essentials.  You’ll get some gems.  It will take around an hour.

Recently delivered to IMA and ISACA GRC Strategy – was to assist the CGEIT class.

CobiT Foundations Overview, enough to refresh before you take the exam, or allow you to prepare to attend and absorb foundation training.  Please, never skip the live interaction.  That’s where we make facts become practice.

GreenGRC a 4Point Method to integrate sustainability into your GRC Program

Perils of Mount Must Read – where you just might find your own name

Everyone should be concerned with CobiT 5, but if you really want to test your 4.1 Control Objective and Domain recognition, you can still quiz yourself with

In case you need a little more than a virtual vocab, study this

Then time yourself with three word search challenges

If any of you finish all three word searches, and you send me proof in a screen capture, I’ll find a way to make you famous on the enterprisegrc.com site. I used to maintain a public page called URock.  I’ve got plans to create a rotating article about our best contributors again.  Just motivate me a little, and you can be first.

Why all this free stuff?  In case you want to become a Cloud Ready Professional, YES, I want to sell you training! http://www.eventbrite.com/org/1867093805?s=6818363


For Immediate Release

January 20, 2012
Scott McCallum, COSO
Office: +1-407-937-1247
Cell: +1-321-246-7649

Consider Risk Appetite When Developing Business Strategy and Goals, Says New COSO Thought Paper

ALTAMONTE SPRINGS, Fla. – Jan. 20, 2012 – A new thought paper aimed at helping organizations better articulate, develop, and implement “risk appetite,” was released today by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on enterprise risk management (ERM), internal controls and fraud deterrence. Enterprise Risk Management – Understanding and Communicating Risk Appetite is the latest in a series of COSO papers providing ERM practitioners thought leadership on performing more effective risk management.

“An important COSO goal is to help executives and boards implement effective ERM processes by providing them with thought papers that discuss issues crucial to ERM success,” said COSO Chairman David Landsittel. “This paper emphasizes the idea that developing and communicating a risk appetite should be viewed by organizations as an important part of their ERM processes.”

According to the authors of the paper, risk appetite is the amount of risk organizations are willing to accept in pursuit of their objectives. Written by Larry Rittenberg, the Ernst & Young Professor of Accounting at the University of Wisconsin-Madison, and Frank Martens, a director in the Advisory Practice of PwC, the thought paper provides examples of statements of risk appetite and emphasizes the notion that risk appetite should be communicated by management, embraced by the board, and integrated throughout the entity.

“Organizations encounter risk every day as they pursue their objectives, and risk appetite is an integral part of an effective ERM system,” said Rittenberg. “It may seem to be an elusive topic, but the reality is that a well communicated risk appetite serves as a boundary around the amount of risk an organization might take on, and should be considered when setting strategy or business goals.”

Enterprise Risk Management – Understanding and Communicating Risk Appetite is available for free download at www.coso.org or any of the sponsoring organization’s websites. COSO also encourages ERM practitioners and others to explore its other thought papers, as well as the 2004 Enterprise Risk Management – Integrated Framework, all available on COSO’s website.

About COSO

Originally formed in 1985, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM), internal control and fraud deterrence. COSO’s supporting organizations are The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA). www.coso.org.


AuditNet.org Please allow me to pass along an important request from Jim Kaplan.

The professional standards relating to the auditor's responsibility for detecting and preventing fraud changed in 2009 when the Institute of Internal Auditors (IIA) updated the International Professional Practices Framework (IPPF). Auditors must now consider fraud risks and red flags as part of planning audits. In conjunction with these changes the IIA released Practice Guides for Internal Auditing and Fraud, Fraud Prevention and Detection in an Automated World (GTAG 13) and Data Analysis Technologies (GTAG 16).  ISACA also issued a White Paper titled Data Analytics - A Practical Approach.
According to GTAG 13:
Data analysis technology enables auditors and other fraud examiners to analyze transactional data to obtain insights into the operating effectiveness of internal controls and to identify indicators of fraud risk or actual fraudulent activities.

Most audit professionals and fraud examiners are aware of the ACFE Report to the Nation survey covering how frauds are detected, who commits fraud and the types of frauds perpetrated.  The ACFE survey found that over 40% of reported frauds are uncovered by tips. The report does not however ask questions relating to the use of technology in uncovering frauds.
AuditNet is conducting a survey to answer the question and determine fraud detection techniques using technology.
This survey seeks to determine the extent to which auditors and other fraud examiners are using  technology as part of their fraud detection and investigation strategy.
Please help us provide answers to the question relating to using technology in detecting and investigating frauds.  In appreciation for your taking this short survey (15 questions) we offer attendance at a 2012 AuditNet/FraudAware Webinar or a one year basic subscription to AuditNet.  (You must complete the survey and provide a valid email address; Hotmail and Yahoo not allowed.)
Here is the link to the survey https://www.surveymonkey.com/s/AuditNetFraudDetection
Please forward this email to your network and discussion groups that you participate in as we want a broad and comprehensive representation for this survey.
Thanks for your support!

Jim Kaplan

Recipient of the IIA's 2007 Bradford Cadmus Memorial Award, AuditNet LLC, http://www.auditnet.org, The Global Resource for Auditors


ISACA Issues COBIT Assessment Program to Help Enterprises Ensure Consistent and Reliable Processes

Rolling Meadows, IL, USA (7 December 2011)—For the past 15 years, enterprises around the world have been using COBIT to improve and assess their IT processes. Until now, however, there has been no consistent approach for internal and external professionals to assess these processes. ISACA’s new COBIT Assessment Programme provides consistency and reliability so business and IT leaders can have confidence in the assessment process and the quality of the results as they maximize the business value of their IT investments.

After conducting a global survey in 2010 to determine market need, ISACA found that 89% of the nearly 1,400 respondents expressed a need for a rigorous and reliable IT process capability assessment. To fill the gap, ISACA has released the three-part COBIT Assessment Programme based on COBIT 4.1 and ISO/IEC 15504-2:2003 Information technology—Process assessment—Part 2: Performing an assessment:

  • COBIT Process Assessment Model: Using COBIT 4.1
  • COBIT Assessor Guide: Using COBIT 4.1
  • COBIT Self-Assessment Guide: Using COBIT 4.1

“The new assessment program provides a methodology that results in repeatable, reliable and robust assessments of process capability,” said Max Shanahan, CISA, CGEIT, FCPA, a member of the development team. “In addition to delivering immediate added market value from process capability assessment results, COBIT Assessment Programme also provides the basis for the establishment of broader maturity assessments.”

Norman Kromberg, CISA, CGEIT, CRISC, participated in the pilot program for the COBIT Assessment Programme with Alliance Data, where he serves as IT audit director.

“The COBIT Assessment Programme is not only workable, but also an effective tool for IT auditors to supplement their existing scope. It fills a gap by putting the lens on process capability,” said Kromberg. “Auditors and consultants will find it particularly useful, as will large and medium-sized organizations that are heavily regulated, such as banks and financial institutions, health care companies, government and state departments, and technology and service providers.”

The COBIT process assessment approach will be integrated into the upcoming COBIT 5 in early 2012. COBIT provides a comprehensive approach to ensure that IT is enabling the achievement of strategic business objectives. It is available as a free download at www.isaca.org/cobit.

The COBIT Assessment Programme guides are available at http://www.isaca.org/cobit-assessment-program.

About ISACA - With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

Contact:
  • Kristen Kessinger, +1.847.660.5512
  • Joanne Duffer, +1.847.660.5564

Software as a Service (SaaS) has become mainstream IT. Applications like Salesforce.com, ADP, Concur, Google Apps, Success Factors, Rearden Commerce and others are slashing the cost and complexity of IT and proving to be mission critical systems.   According to Forrester, Think Strategies, Gartner and others, enterprise-wide adoption of SaaS is widespread and has reached a tipping point, recently accelerated by the current economic downturn. 62% of enterprises have multiple SaaS apps today, and that number is growing quickly. As enterprises turn to SaaS as a way to reduce IT costs, new security and compliance challenges are created as confidential data moves across the firewall onto 3rd party systems.

Last summer's ISACA SV conference Auditing and Securing the Cloud was a tremendous success, but with one regret, that we weren't able to get Symplified in front of our audience.

EnterpriseGRC Solutions really believes in this company and product, and we have permission to present two areas on this web site.  Our commitment to educating compliance professionals to manage risk in the cloud is entirely supported by their mission and design.

Symplified started from the ground up by designing a modular architecture that natively supports cloud environments. Symplified is the first access management infrastructure-as-a-service designed specifically for public and private clouds.

Symplified Sign-On was created specifically to provide enterprises with Universal SSO that works across SaaS, public and private clouds. Symplified Sign-On provides a single SSO platform for employees, partners and customers.

 

If you understand the value proposition on these two products, you'll get at least ten questions right on the CompTIA Cloud Essentials Exam.

Symplified was modeled to address governing business and technology in the Cloud.

 


Review enterprisegrc.com on alexa.com. Call 800 847-6821 or reach out via Skype.


 

Last Updated on Sunday, 21 October 2012 14:36
 
New Services
The GRC Buzz

 

Now Available - Cloud & Virtualization Essentials™

 

 

 

Push 2 Check

http://rymatech.com/

 

Holistic Information Security Practitioner Institute (HISPI) welcomes EnterpriseGRC Solutions as member of their HISP Certification Board/Committee.

GRC Solutions

ITpreneurs is proud to name EnterpriseGRC Solutions as its newest certified partner. ITpreneurs and EnterpriseGRC Solutions will collaborate to increase Cloud and Virtualization concepts and controls, ISO 27001, COBIT and ITIL courses offered through EnterpriseGRC Solutions. “Every member of my organization has achieved at least one certification through ITpreneurs, and this is the second company that I’ve founded with that same promise. [...] It is a proud day, that we can be a part of ITpreneurs’ landmark efforts to bring forward CompTIA Cloud Essentials training and certification.” - Robin Basham, Managing Partner.

ComplianceExchange A Blog We Love

Spontaneous Kudos - We've really been digging our digest from The Compliance Exchange


Partners and Client Information
EnterpriseGRC Solutions was recently named as a member of the Cloud Credential Council. Holistic Information Security Practitioner Institute names CEO, Robin Basham, to their Education Advisory Board.

Ryma Technology Solutions names EnterpriseGRC Solutions as an Affiliate Partner. Recent Wins: EnterpriseGRC Provides ISO 27001 Policy and SOA readiness for NetSuite Inc.  EnterpriseGRC Solutions Sponsor to ISACA ITGI.  Recent Partner Alignments include ITpreneurs, Control Solutions International

Request For Information? Please fill out our Wufoo form.


Are you attending "Enabling Trust: Business In the Cloud"? Learn more.