Is Your GRC Program Really Reducing Risk?

As compliance obligations multiply, many organizations are becoming better at passing audits but not necessarily better at reducing risk. CIS’s Chief Information Security Officer Sean Atkinson, calls it “GRC theater,” a performative model of governance that “looks impressive on paper, but at the end of the day, nothing meaningful has changed.” Watch his discussion with Anna Delaney of the Information Security Media Group.

Read more