Security & Generative AI

In the past 2 years, there has been a surge in GenAI and its security implications. I developed the following framework to categorize the blogs, tools, and resources I have been exploring to make it easier to navigate and understand. Everything related to GenAI and Security can be put in these 3 pillars: Security of…

Security Awareness Training

๐€๐ฅ๐ฅ ๐ž๐ฆ๐ฉ๐ฅ๐จ๐ฒ๐ž๐ž๐ฌ ๐ฆ๐ฎ๐ฌ๐ญ ๐œ๐จ๐ฆ๐ฉ๐ฅ๐ž๐ญ๐ž ๐ญ๐ก๐ž ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐š๐ฐ๐š๐ซ๐ž๐ง๐ž๐ฌ๐ฌ ๐ญ๐ซ๐š๐ข๐ง๐ข๐ง๐  ๐ฐ๐ข๐ญ๐ก๐ข๐ง ๐Ÿ‘๐ŸŽ ๐๐š๐ฒ๐ฌ ๐จ๐Ÿ ๐จ๐ง๐›๐จ๐š๐ซ๐๐ข๐ง๐  ๐š๐ง๐ ๐š๐ง๐ง๐ฎ๐š๐ฅ๐ฅ๐ฒ ๐ญ๐ก๐ž๐ซ๐ž๐š๐Ÿ๐ญ๐ž๐ซ.Sound familiar? Despite being a hard requirement and many organizations spending thousands of dollars on implementing the Learning Management System (LMS), tracking completion rates, and sometimes enforcing sanctions for not completing the training – this has always been a point…

Note to self

I did not speak a full sentence in English until I was 20, and I am pretty sure the recruiter at HSBC only hired me because I told him my uncle worked there. I did not write my first blog post until Dec 2018 in an effort to make sense of all the InfoSec jargon…

Compliance ≠ Security

As we enter the new year, many of us will start the annual third-party attestations. It's important to remember that holding a third-party attestation provides a baseline assurance on the effective implementation of management, operational, and technical controls. Compliance demonstrated by a clean SOC 2 report, ISO 27001 certification, HITRUST certification, etc. does not equate to…