Jack Jones points out that many CISOs know security but not risk. Learn why a lack of understanding of true risks versus security control issues leads to ineffective GRC implementations.

#cisos #riskmanagement #grc