How to Optimise Your GRC Tools episode artwork

EPISODE · Oct 16, 2024 · 43 MIN

How to Optimise Your GRC Tools

from Razorwire Cyber Security & InfoSec Insights

How to Optimise Your GRC Tools Improving Value, Efficiency & True Risk ManagementAre your GRC tools really managing risk, or just creating noise?Welcome to the latest episode of Razorwire, where we cut through the complexities of the cybersecurity world to deliver actionable insights. I'm your host, Jim, and in this episode, we're discussing the multifaceted challenges and opportunities surrounding Governance, Risk and Compliance (GRC) tools with none other than Jack Jones, creator of the FAIR risk model and a seasoned security professional with nearly 40 years’ experience.In our conversation, Jack and I explore the intricate landscape of GRC tools, questioning their effectiveness in truly managing risk. We talk about the difference between controlling efficiencies and understanding genuine risks, shedding light on the often misleading contents of risk registers. In this episode, you'll learn invaluable insights that could transform how you approach risk management and compliance. From navigating price range vs efficiency, to the idea of developing a more effective and affordable GRC solution, this episode offers a treasure trove of useful takeaways for anyone in the cybersecurity field. Key takeawaysThe Real Cost of GRC Tools: Jack and I discuss the hidden expenses and renewal price hikes associated with existing GRC tools. If you're feeling the financial strain of your current GRC solutions, this segment is a must-listen to understand the true cost and value proposition of these tools.Redefining Risk Management: We talk about the importance of differentiating between real risks and mere efficiencies and how many organisations can get this wrong. Learn how to avoid the ‘noise’ in your risk register to focus on genuine risk scenarios that matter to your business.The Path to Better GRC Solutions: Tune in to hear our thoughts on the pressing need for innovation in GRC tool design. If you're looking for practical, cost effective solutions tailored to meet your risk management needs, you'll want to hear our insights and future plans.Don't miss this conversation that could reshape your perspective on GRC tools and risk management."If I thought the [GRC tool] technology is actually provided anywhere near the value of their potential… if the GRC products and their implementations were actually doing the job they're intended to do, they should cost a lot of money because they would be providing a ton of value." - Jack JonesListen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listenIn this episode, we covered the following topics:Cybersecurity Responsibilities Debate: We debate whether cybersecurity should fall under IT or infosec departments.Penetration Testing Management: How penetration testing could be subject to a conflict of interest depending on which department manages it.GRC Tool Costs: Maximising GRC Tool ROI: Gain insights on how to assess and optimise your GRC tool's value proposition through regular utilisation and cost reviews.Identifying GRC Tool Shortcomings: Understand the common pitfalls of popular GRC tools in addressing real world risks, enabling better tool selection and implementation.Proper Risk Register Management: Learn to distinguish between genuine risks and audit deficiencies for more accurate and useful risk registers.Third-Party Risk Management: Learn strategies for effectively managing the challenges posed by third party risks in modern business environments.Effective Risk Communication: Master the art of framing risk discussions around loss event scenarios, for better communication with executives.The Potential of GRC Tools': Recognising the potential of GRC tools to manage complex IT environments and consolidate security data effectively.Ineffective GRC Tools: Exposing how security budgets are heavily consumed by expensive and often inefficient GRC tools, limiting additional security measures. Balancing Security Budgets: Learn to critically evaluate GRC tool costs and effectiveness to ensure balanced allocation of security resources.Resources MentionedThe FAIR modelISO 27001PCI complianceBook: "The Cyber Sentinels Handbook"GRC ToolsOther episodes you'll enjoyCybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiterhttps://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Blackhttps://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/Connect with your host James ReesHello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.For more information about us or if you have any questions you would like us to discuss email [email protected] you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.Linkedin: Razorthorn SecurityYoutube: Razorthorn SecurityTwitter:   @RazorThornLTDWebsite: https://www.razorthorn.com/Loved this episode? Leave us a review and rating hereAll rights reserved. © Razorthorn Security LTD 2025

NOW PLAYING

How to Optimise Your GRC Tools

0:00 43:36

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

The Hunt Diaz Task Force A hard-hitting, eye-opening podcast that takes you deep into the relentless fight against human and sex trafficking. Each episode explores the dangerous world of traffickers and predators from every angle—street operations, online investigations, and digital warfare. Hear firsthand from law enforcement, federal agents, and prosecutors as they share real stories of sting operations, investigative tactics, and the challenges of bringing traffickers to justice. Follow live sting operations, online predator investigations, and real-time takedowns of trafficking rings, with insights from cybercrime experts, undercover decoys, and live case discussions. We dive deep into how traffickers operate on the dark web, using cryptocurrency and other digital tools to exploit victims. Learn how law enforcement is using cutting-edge technology to track traffickers and disrupt their operations. The Hunt, pulls back the curtain on the digital and real-world fight against trafficking, exposing the p Explicit The Uncaged Pod Jess MacMillan The Uncaged Pod is the podcast for bold, soul-led women who are ready to break free from the cages of perfectionism, people-pleasing, and limiting beliefs. Hosted by Jess MacMillan, mama, keynote speaker, and women's empowerment advocate, this show delivers raw conversations, powerful insights, and unapologetic truths that will inspire you to reclaim your voice, rewrite your story, and rise with unstoppable confidence.Each week, Jess and her guests dive into topics around leadership, personal growth, entrepreneurship, and motherhood, offering real-life strategies, soulful reflections, and empowering stories to help you lead, live, and love uncaged.Whether you're an entrepreneur, a creative, or a woman who’s remembering who she really is, The Uncaged Pod is your invitation to step into your power and live life on your own terms. Explicit Crime and Conscience Ashley Painter Discover the world of true crime with Ashley on Crime and Conscience. Explore psychological insights and stories that challenge our perceptions of guilt and innocence. Uncover the complexities of crime, trauma, and the human experience in each episode. Explicit Technado (Archived) ACI Learning The Technado crew covers a whirlwind of tech topics each week from interviews with industry experts and up-and-coming companies to commentary on topics like security, vendor certifications, networking, and just about anything IT related. Explicit

Frequently Asked Questions

How long is this episode of Razorwire Cyber Security & InfoSec Insights?

This episode is 43 minutes long.

When was this Razorwire Cyber Security & InfoSec Insights episode published?

This episode was published on October 16, 2024.

What is this episode about?

How to Optimise Your GRC Tools Improving Value, Efficiency & True Risk ManagementAre your GRC tools really managing risk, or just creating noise?Welcome to the latest episode of Razorwire, where we cut through the complexities of the cybersecurity...

Can I download this Razorwire Cyber Security & InfoSec Insights episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!