Alex Hutton, Principal in Research & Risk Intelligence with Verizon Business, says implementing a GRC program without any measurement is governance and compliance via superstition. Learn why risk management without metrics will hamper your enterprise's governance, risk and compliance efforts. By collecting information from a wide and complete set of systems, organizations can begin to analyze data to uncover trends. This information can also be used to identify patterns, which in turn could be used to assess risk, detect security incidents and suggest the likelihood of a pending attack. With an information-driven risk management program, decisions can be made based on evidence as opposed to speculation.

Read the full article at CIO Insight.

Article by: Sean Martin, CISSP