Course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection
Governance, risk, and compliance (GRC) - Microsoft Security Copilot Tutorial
Governance, risk, and compliance (GRC)
- [Instructor] Today's organizations are operating in complex environments, requiring them to integrate three key functions, governance, risk, and compliance, or GRC, to enhance business efficiency, protect against the threats, and comply with regulatory requirements. Now let's look into each component of GRC.

Governance is for directing and controlling an organization's activities. It usually requires the company to define corporate strategies; create rules such as policies, standards, guidelines, and procedures; monitor the effectiveness of these rules; and establish a healthy culture to promote shared values and ethical behaviors.

Risk management is about reducing the impact and the likelihood of potential threats. The process typically includes the key steps, such as identify risks within your defined environments; analyze and prioritize the discovered risks; control the risks by taking suitable response actions; and track the risks through continuous monitoring and review.

Compliance is to ensure an organization follows laws made by relevant governments and the regulations created by government agencies or regulatory bodies. To do that, an organization needs to implement effective controls and take proper actions.

Traditionally, organizations have managed governance, risk, and compliance separately. Now with growing demands to coordinate across various domains, it's essential to integrate them into a unified GRC approach. How can we build a solid foundation for GRC? Technology alone is not enough. We need to have people, technology, and the processes work together.

Now let's bring all these elements together. Here's a diagram from Microsoft that illustrates a framework for managing GRC. It combines governance, risk, and compliance with their key activities like strategies, policies, controls, and the laws. Also, it highlights that a successful GRC program is supported by three essential components, people, technology, and processes.