We have prepared an overview and comparison of the SGRC solutions available on the Russian information security market. Few vendors work in this area, so the review covers 5 "players", three of which are domestic.
First, recall that the term SGRC stands for "Security Governance, Risk Management and Compliance". As the name suggests, SGRC platforms solve the following problems:
- Governance - information security management, with automation of the processes for managing assets, vulnerabilities, documents, tasks and standards, as well as the ability to visualize the state of information security and create reports.
- Risk Management - cyber risk management that automates a risk-based approach to information security, aimed at an economically justified choice of optimal security measures that minimize the identified and calculated risks.
- Compliance - ensuring compliance with legislation and with industry and internal standards and requirements, with the ability to conduct audits and provide reports and results.