Analytical comparison of Russian SGRC (Security Governance, Risk and Compliance) systems

One of the key challenges of modern Russian cybersecurity is the shortage of personnel. This limitation is difficult to eliminate even in the medium term, and it hinders the implementation of import substitution projects, effective response to current cyber threats, and compliance with legal requirements. The traditional answer is to replace manual labor with automation, which also helps to speed up all processes, systematize approaches to problem solving, eliminate subjectivity in decision-making, and increase the controllability and transparency of operations. The ability to automate routine work is attractive not only from an economic point of view, but also from the perspective of retaining specialists, who can be more easily motivated by creative tasks than by monotonous actions.
In cybersecurity, despite the relative youth of the field, there are many processes that can be at least partially handed over to automation systems: asset accounting and inventory, vulnerability scanning and assessment, change and configuration management, audits and compliance assessments, records of documents and their versions, analysis and decomposition of legal and corporate regulatory requirements, cyber risk analysis, etc. GRC/SGRC-class systems are used to automate these and many other information security (IS) processes; we have already reviewed their main properties and application scenarios. Now it is time to make an analytical comparison of domestic products of this class, which allow automating the management of IS processes, cyber risks, and compliance with information protection requirements.

Read the full article here: Analytical_comp_SGRC_systems.pdf
Provided by CyberMedia portal