エピソード
-
In this episode of GRC Uncensored, hosts Troy Fine and Kendra Cooley, along with producer Elliot Volkman, continue their pursuit of trying to understand what is explicitly holding the GRC world back. Joined by ISO expert David Foreman, the discussion tackles the roles of auditors, tech vendors, and market forces in shaping audit quality.
They explore the significance of audit integrity, the staying power of governance programs, and the varying expectations of companies undergoing audits. Amidst an insightful dialogue, the hosts debate the future of automated compliance tools, check-the-box audits, and the elusive definition of audit quality. Ultimately, the episode underscores the issue's complexity, emphasizing that it's not just about the vendors or auditors but also market demands and expectations.
00:00 Introduction to GRC uncensored
00:42 Meet the hosts: Troy and Kendra
01:05 Controversies and LinkedIn debates
01:37 International expansion and podcast updates
02:28 Commoditization of compliance 03:07 Introduction to Dave and his expertise
04:43 The role of vendors in compliance
07:49 Audit quality and market dynamics
09:49 The importance of audit integrity
13:11 Defining audit quality
20:26 Market expectations and audit quality
23:48 Staying power in compliance programs
28:00 High-quality vs. low-quality audit firms
28:59 Top qualities of a good auditor
29:19 Importance of knowledge in auditing
31:06 Compliance automation tools
32:26 Challenges in finding quality auditors
34:30 The reality of check-box audits
35:34 Accreditation and certification nuances
42:12 The future of auditing and trust centers
43:42 Closing remarks and shameless plugs
47:05 Final thoughts and tagline
Hosted on Acast. See acast.com/privacy for more information.
-
GRC Uncensored is back, and your hosts Troy Fine and Elliot Volkman are joined by Martin Cozzi, CEO of Pima, to discuss when, if at all, it makes sense to invest in a GRC tool to support a company's compliance efforts.
The discussion spans the necessity and use of various compliance tools, the challenges of scaling compliance, and the importance of having well-defined processes and dedicated personnel. They highlight the actual costs and benefits of compliance, questioning superficial practices and emphasizing the need for personalized solutions. The episode also addresses misconceptions and executive decisions crucial for maintaining compliance, offering comprehensive insights into modern GRC strategies and the evolving role of tools in achieving SOC 2 compliance.
00:00 Introduction to GRC Uncensored
00:22 Meet the Hosts and Guest Introduction
00:38 The Need for GRC Tools
02:52 Legacy vs. Modern GRC Tools
05:26 Challenges with GRC Tools
12:12 When to Choose GRC Tools
12:49 The Role of Processes in GRC
20:49 GRC Tools for Startups
23:20 The Cost of Compliance
24:43 The Role of Auditors
26:47 Touchless Audits: Pros and Cons
28:19 The Value of SOC 2 Reports
30:50 Choosing the Right Compliance Tools
32:31 The Future of Compliance Tools
40:46 Final Thoughts and Reflections
Hosted on Acast. See acast.com/privacy for more information.
-
エピソードを見逃しましたか?
-
In the first episode of 'GRC Uncensored,' hosts Troy Fine, dubbed the 'GRC Meme King,' and Elliot Volkman, alongside guest Kendra Cooley dive into the complexities of Governance, Risk, and Compliance (GRC) in cybersecurity. The discussion unravels the 'love-hate' relationship many security professionals have with compliance frameworks like SOC 2, exploring how they have become commoditized and possibly devalued over time.
The conversation touches upon the challenges security practitioners face in conveying the true value of GRC to businesses, the potential pitfalls of 'SOC in a box' offerings, and the broader implications of compliance becoming a 'check the box' exercise. Moreover, the episode delves into the broader regulatory landscape and the ongoing debates about the role of government regulations in cybersecurity compliance. This candid dialogue sets the stage for future episodes that promise further to dissect the nuances of cybersecurity audits and standards.
00:00 Welcome to GRC Uncensored
01:34 Introducing Kendra Cooley
02:05 Love-Hate Relationship with GRC
03:16 The SOC 2 Debate
04:33 Challenges with SOC 2 Audits
09:10 The Value of SOC 2 in the Industry
12:04 The Evolution of Compliance Frameworks
20:39 False Sense of Security in Compliance
24:46 The Buzz Around AI and Quantum
25:10 Staying Updated as a Security Professional
26:45 Challenges in Penetration Testing and Vendor Assessments
27:37 Compliance and Its Impact on Security
30:10 Government Regulations and Their Effectiveness
32:23 The Complexity of Privacy Laws
38:29 The Role of GRC Teams in Risk Management
42:30 Concluding Thoughts and Future Episodes
Hosted on Acast. See acast.com/privacy for more information.
-
GRC Uncensored is an experimental podcast designed to elevate real conversations with GRC professionals, auditors, regulators, and those building programs around it. Your hosts are Troy Fine and Elliot Volkman.
Hosted on Acast. See acast.com/privacy for more information.
