Gartner Blog Network

Posts from Date:   2013-9

New Self-Audit Toolkit

by Erik T. Heidt  |  September 25, 2013

In “Achieving IT GRC Success”, Gartner recommended that enterprises consider six core activities in the Execution phase of the IT GRC practice. These included: Risk Assessment; KRI Measurement and Management; Ad Hoc Risk Decision Support; Compliance Management; Audit Support; and Policy Management. There are many aspects of Audit Support that are discussed in the document, and […]

Read more »

Effective Selection and Implementation of IT GRC Solutions

by Erik T. Heidt  |  September 20, 2013

The basic question is, how do you select tools to support your IT Governance, Risk Management and Compliance (IT GRC) needs? This has been a major focus for my research over the last 10 months. The first phase of that exploration focused on defining a guidance framework that could be used to identify the IT […]

Read more »

Relativistic Control Theory

by Erik T. Heidt  |  September 19, 2013

A few weeks ago I had the pleasure of attending a roundtable of IT Risk Managers. Most of the participants were folks involved in day-to-day risk and governance in financial institutions. During one of the presentations there was an exchange that occurred between one of the speakers and myself, that has helped me to understand […]

Read more »

Raspberry PI & Securing the DIY Internet of Things

by Erik T. Heidt  |  September 3, 2013

(Note, if you know what a PI is and just want to jumpstart the security posture of your device, skip to “How do I secure this thing?”) What is a Raspberry PI and who are these Makers? You have probably heard a number of organizations discussing the “internet of things” or “industrial internet”, an emerging […]

Read more »