Sources for Industry Research on GRC Costs

Posted April 26, 2011, 9:47 am by Chris Noell

Image of Chris

Chris Noell

In a recent search for industry frameworks for governance, risk and compliance (GRC) costs for an upcoming webcast that I am presenting – Non-Compliance Costs: Should Your Organization Invest in GRC Tools? – I found a couple of great articles and sources. 

One research document - How To Measure The ROI Of A GRC Platform: Building A Framework For The Governance, Risk, And Compliance Business Case, by Forrester Analyst, Chris McClean, helps build a framework around estimating ROI by considering factors such as cost of a solution, benefits, the flexibility, and associated risks and mitigation. I like Chris’ “cost of a solution,” defining costs to span further than just monetary costs into time and other resources dedicated towards the implementation and ongoing maintenance.  All too often, organizations underestimated their internal costs to implement and maintain the solution.

In addition to the analyst community, another great source that I have found when researching security-specific industry news and findings is the Ponemon Institute.  In a study conducted last year, 2010 Global Cost of a Data Breach, April 2010, the research showed it could cost as much as $30.8 Million for a single breach in the United States, in 2009.

What other sources have you found to be useful? 

 
Filed under: Uncategorized
Edited April 26, 2011 by
Listed in Communities: Our Site


You must be logged in to post comments.