Security Risk Assessments

Threat Assessment and Risk Management using CIS Benchmark, DISA STIGs, and multiple platforms: NIST 800-53 v4, PCI DSS 3.2, SOC2 2016, HIPAA HITECH CSF, CSF Cyber Security Framework, ISO27002, CIS CSC Top 20, RMF, FedRAMP, CJIS, UK CyberEssentials, FFIEC, GLBA, and any custom ISMS or ITGCC

Meet our CISO, CRO, CIO, CAE

IT & Enterprise Assurance

EnterpriseGRC will prepare your people, process, and programs for those critical and mandated risk conversations, such as SOC 2, ISO27001 RA, FedRAMP, and HIPAA attestations. We train and support your second layer of defense, improving your enterprise security effectiveness. Certified resources design and prepare evidence of SOX, SOC 2, PCI, ISO27, CJIS, HIPAA, and NIST CSF Cybersecurity internal compliance policies, programs, and implemented systems. EnterpriseGRC understands the security product landscape and how to leverage your security architecture to demonstrate continuous and event-driven compliance.

Meet our Leaders FinTech RegTech Cloud

PMO Business Continuity & DR

Emergency Crisis Management Command Center, BCP Project initiation and management, Disaster Recovery (DR) Scope, Business Impact Analysis, Security - Identify and Prioritize, Assess Exposure, Establish, Document and Refine, Facility and Contract Management, Cybersecurity incident response exercises and planning

Meet our Leaders PMO & BCP

Ask about our Service Partners

Our partner network spans over 50 thousand shared business connections. Let us be the beacon that finds you the exact talent, solutions, and resources to fit your most difficult and demanding service needs.

Meet PAT and NAT - Our Firewall Friends

Firewall Planning and Design

Recommended Reading

EnterpriseGRC Solutions Reading Room (out of date - to be updated soon)

GRC Stack CSA Initiative

Telecom Complexity

Telecom complexity is a series of Visio diagrams developed through a collaborative process while...

Virtual Vocab

Virtual Vocabulary - can you navigate an interview involving all these terms?

Ten Rules of Data

(These rules were first published in The Perils of Mount Must Read, December 2005 and posted and...

CIS-CAT Pro

To effectively use this critical security content, you need to do two things: become a CIS member, (it...

Change Management for Virtualization - Operating Model for Service Provisioning

The goals of Change Management haven't changed, just everything in the path of their achievement - View...

Business in the Cloud

EnterpriseGRC Solutions assists clients to navigate risks and opportunities in cloud computing....

RunBook UML

Did you know you can export a Visio HTML map of your UML (Unified Modeling Language) diagram?

Process Diagrams

Did you know you can export a Visio HTML map of your UML (Unified Modeling Language) diagram?

No SOC No $ervice

AICPA Service Organization Control Reports - SOC 2 “If your company currently uses third-party vendors to...

Sarbanes-Oxley Compliance - CobiT and COSO

The foundations of Control Objectives for Information Technology, or Cobit, are especially useful...

Make the right decisions faster; CIS CSC Top 20

Center For Internet Security Critical Security Controls V.6.1

Security Concepts Quiz One

Think you got it now? Are you ready to try a test? Security Concepts Quiz...

ICT Infrastructure Overview

We Know Telecom, Enterprise, and Cloud Security Pain Fractured market expectations where converged...

RiskWatch

RiskWatch Implementation Rescue - Total Implementation in Eight Weeks or Less

GRC Strategy 4Point Real World Use Case

4Point GRC, introduced in 2004 by Phoenix Business and Systems Process, evolved in 2007 and 2008,...

How Industry Security Requirements Drive Cyberthreat Resilience

We’ve been having a continuous compliance conversation, but did you know that compliance is a...

Virtualization Wordsearch

Virtualization Wordsearch - When you have a virtual vocab, you can listen to the engineering...

Networking & Security

Networking and Security concepts are critical to assessing security policy in networked and cloud...

Compliance Assessment

Assessment Services - EnterpriseGRC Solutions, Implementing a Compliance Framework

Governance Risk Compliance Answers to a Tripled Bottom Line

Factors impacting Governance Risk and Compliance have easily tripled since the term first hit our...

General Computing Controls to Cloud & Virtualized Environments

Notes from Attendees Workshop, ISACA SV - The Next Great Outage

Can You Set A Perfect Trap

Challenge - Can you describe a fraud event that would not have been caught by any of these six...

CISO Summit - Security Automation on Steroids

CISO Forum 2016 at the Ritz-Carlton Half Moon Bay

What are success factors in a Governance Risk and Compliance Program?

Question: What are success factors in a Governance Risk and Compliance Program? Strong project...

GreenGRC Use Case

Climate Change isn't the only reason to care about GREEN Governance. View Real World GRC...

Urkel You're In the Cloud! or "Did I do that?"

Whether you understand Cloud frameworks, operating models, taxonomies and deployment options, or...

Stand Your Your Conscience

Since the 2017 travel ban and the intense turmoil over relations in and out of the United States,...

Procedure Guidelines and Controls Documentation

Procedure Guidelines and Controls Documentation December 11, 2005 © Robin Basham, M.Ed., M.IT,...

Walk This Way

If Steven Tyler did security, it would be really cool security.

Security Assessment

Can you pen test? Can you do it better than a blackhat?

Cloud Data Centers Tend To Get It Right

World Class Data Centers tend to get Virtualization and Cloud right - If you want to adapt your...

Center For Internet Security Critical Security Controls

Center For Internet Security Critical Security Controls V.6.1

Data in the Cloud

How old is your Facebook picture? (No, don't tell me, I don't care.) How much of our privacy...

Catastrophic Becomes Routine - NIST Cybersecurity and Critical Infrastructure

CHALLENGE - NIST Cybersecurity Framework for Improving Critical Infrastructure Order 13636...

Virtualization Risks

Cloud Computing is easily the highest rated topic in current technology design, implementation,...

ERM and Incident Response

90 slides take you through process and technical aspects of Risk Oversight and Risk Exposure...

RunBook Service Catalog

RunBooks Service Catalogue Management

Data Loss Protection

How many unauthorized data exfiltration attempts have been detected recently by the organization's Data Loss...

Networking & Security Monitoring Concepts

Networking and Security concepts are critical to assessing security policy in networked and cloud...

Security Programs Overview

Can you pen test? Can you do it better than a blackhat? View this presentation full...
