How to Optimise Your GRC Tools: Improving Value, Efficiency & True Risk Management

In this episode of Razorwire, we're joined by Jack Jones, creator of the FAIR risk model, to explore the complexities of Governance, Risk and Compliance (GRC) tools. We cut through the noise to deliver actionable insights on how to truly manage risk and improve the value and efficiency of your GRC solutions.

Key Takeaways:
The Real Cost of GRC Tools: Uncover the hidden expenses and renewal price hikes associated with existing GRC tools.
Redefining Risk Management: Learn to differentiate between real risks and mere efficiencies, and how to avoid the ‘noise’ in your risk register.
The Path to Better GRC Solutions: Discover the pressing need for innovation in GRC tool design and practical, cost-effective solutions tailored to meet your risk management needs.

Episode Highlights:
Cybersecurity Responsibilities Debate: Should cybersecurity fall under IT or infosec departments?
Penetration Testing Management: How penetration testing could be subject to a conflict of interest depending on which department manages it.
GRC Tool Costs: Maximising GRC Tool ROI through regular utilisation and cost reviews.
Identifying GRC Tool Shortcomings: Common pitfalls of popular GRC tools in addressing real-world risks.
Proper Risk Register Management: Distinguishing between genuine risks and audit deficiencies.
Third-Party Risk Management: Strategies for managing third-party risks in modern business environments.
Effective Risk Communication: Framing risk discussions around loss event scenarios.
The Potential of GRC Tools: Managing complex IT environments and consolidating security data effectively.
Ineffective GRC Tools: Exposing how security budgets are heavily consumed by expensive and often inefficient GRC tools.

Other episodes you'll enjoy:
Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter
https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/

The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us, or if you have any questions you would like us to discuss, email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.