After talking to literally dozens of practitioners and vendors, what was most striking was the fact that the term ‘GRC’ is largely absent from the European security vocabulary. I watched a few US-based companies drop the term on attendees and they were met with puzzled looks. More than once, I overheard the attendees asking what [...]

We’re busy getting ready for SOURCE Boston next week. On the 10th, we’ll be hosting a FREE workshop centered around the Massachusetts Privacy Law. While this piece of legislation has been delayed, yet again, we feel that the community has a vested interest in a concerted and coordinated response and we couldn’t think of a [...]

To date, folks have chosen a best practice framework such as COBIT or ISO and then cherry-picked specific controls to align with their audit and operational requirements. Unfortunately, there is a lot of mismatch between organizations with regard to what controls get chosen, how often they are tested, and in general, they have been [...]

Unbeknown to us at the time, Tech Target was covering the Bay Area ISSA chapter meeting where we mentioned The Consensus Controls Project. We are grateful that Marcia Savage circled back with us to make sure she had all the facts. The coverage can be found here.

Welcome to The Consensus Controls Project blog. This blog will be updated regularly and will be a window into The Project as it develops and an ongoing way for us to communicate our progress to the world. You can also follow us on Twitter where all of our blog postings will be forwarded, along [...]
