Avacuna Introduces Integrated GRC to Advance IT Alignment for Multiple Governance Frameworks
Avacuna launches integrated GRC in response to the market demand for more effective ways to reconcile multiple information systems governance frameworks. Integrated GRC complements the company's established compliance assessment and security risk management services. Insufficient user education on governance policies and data risk concerns is also fueling a resurgent interest in the firm's personalized security awareness training programs.
Boca Raton, FL, November 30, 2007 --(PR.com)-- Avacuna LLC (www.avacuna.com) today announced its integrated GRC (Governance, Risk Management and Compliance) service, which builds upon its successful compliance assessment and security risk management programs. Integrated GRC affords businesses currently using an existing IT systems governance framework the ability to rapidly and efficiently map new processes and controls introduced by secondary or tertiary standards, frameworks and best practice guidelines. Many companies managing mature Sarbanes-Oxley Section 404 (SOX 404) controls developed under the COSO or CobiT models
find themselves tasked with incorporating alternative framework mandates driven by regulatory compliance deadlines, security risk concerns or corporate efficiency objectives. These organizations increasingly need to reconcile objective-specific standards such as PCI DSS, ISO 27002 (formerly 17799) and ITIL with a framework already in full production, and Avacuna expects this trend will continue through 2011.
"In conjunction with multi-framework methodologies we've already tested and used effectively, integrated GRC represents a critical turning point that will transform the way companies approach governance," said Tom Leh,
Managing Partner of Avacuna. "Companies whose controls have matured in recent years are recognizing that while common frameworks such as CobiT are helpful, no single approach in isolation can deliver a holistic IT governance environment. With integrated GRC, companies can selectively apply only those guidelines relevant to their specific business interests while determining which certifications or report automation tools, if any, will contribute to measurable gains in productivity. This service reinforces Avacuna's commitment to a more strategic alignment of IT governance with corporate governance."
Working closely with financial services, hospitality and insurance customers to update their information systems policies, processes and controls, Avacuna encounters a variety of dynamic governance challenges and applies hybrid processes to lower risk for each specific environment. The growing Florida company plans to expand aggressively in 2008 with a broader focus on unified GRC vulnerability assessments, security risk management and customized awareness training. "We're observing that while GRC software remains at an embryonic stage of development from a risk assessment and controls perspective, solutions are being evaluated more frequently than recent research predicted," said Leh. "These tools are becoming their own distinct vulnerability category at a faster pace than initially anticipated. Customers are requesting evidence of sufficiently robust application security controls from GRC automation and data reporting vendors vying to participate in security risk management projects, and we're now working with third party suppliers more frequently to close compliance remediation gaps."
Avacuna has experienced solid awareness training service growth and predicts even greater numbers of organizations will demonstrate renewed interest in this practice during the coming year. "Many companies have completed only preliminary stage awareness programs often characterized as excessively generic and targeted primarily to internal audiences," Leh noted. "Companies are now calling for customized use cases that audiences can identify with on a personal level. We are inspired to be in a position to help clients innovate their external customer education resources, produce flexible and contextualized awareness campaigns, and to enlighten a risk class that contributes significantly to data breach and threat scenarios."
For additional information on integrated GRC, awareness training and other Avacuna services, contact Tom Leh or visit www.avacuna.com.
About Avacuna:
Avacuna LLC (Avacuna) is a provider of integrated governance, compliance, security assessment and risk advisory consulting services. Focus areas include information systems life cycle management, general computer controls, internal audits, security strategies and regulatory analysis. Avacuna leverages the transactional value creation potential of governance frameworks to transform underutilized knowledge capital into competitive advantages and improved valuations for its clients.
###
find themselves tasked with incorporating alternative framework mandates driven by regulatory compliance deadlines, security risk concerns or corporate efficiency objectives. These organizations increasingly need to reconcile objective-specific standards such as PCI DSS, ISO 27002 (formerly 17799) and ITIL with a framework already in full production, and Avacuna expects this trend will continue through 2011.
"In conjunction with multi-framework methodologies we've already tested and used effectively, integrated GRC represents a critical turning point that will transform the way companies approach governance," said Tom Leh,
Managing Partner of Avacuna. "Companies whose controls have matured in recent years are recognizing that while common frameworks such as CobiT are helpful, no single approach in isolation can deliver a holistic IT governance environment. With integrated GRC, companies can selectively apply only those guidelines relevant to their specific business interests while determining which certifications or report automation tools, if any, will contribute to measurable gains in productivity. This service reinforces Avacuna's commitment to a more strategic alignment of IT governance with corporate governance."
Working closely with financial services, hospitality and insurance customers to update their information systems policies, processes and controls, Avacuna encounters a variety of dynamic governance challenges and applies hybrid processes to lower risk for each specific environment. The growing Florida company plans to expand aggressively in 2008 with a broader focus on unified GRC vulnerability assessments, security risk management and customized awareness training. "We're observing that while GRC software remains at an embryonic stage of development from a risk assessment and controls perspective, solutions are being evaluated more frequently than recent research predicted," said Leh. "These tools are becoming their own distinct vulnerability category at a faster pace than initially anticipated. Customers are requesting evidence of sufficiently robust application security controls from GRC automation and data reporting vendors vying to participate in security risk management projects, and we're now working with third party suppliers more frequently to close compliance remediation gaps."
Avacuna has experienced solid awareness training service growth and predicts even greater numbers of organizations will demonstrate renewed interest in this practice during the coming year. "Many companies have completed only preliminary stage awareness programs often characterized as excessively generic and targeted primarily to internal audiences," Leh noted. "Companies are now calling for customized use cases that audiences can identify with on a personal level. We are inspired to be in a position to help clients innovate their external customer education resources, produce flexible and contextualized awareness campaigns, and to enlighten a risk class that contributes significantly to data breach and threat scenarios."
For additional information on integrated GRC, awareness training and other Avacuna services, contact Tom Leh or visit www.avacuna.com.
About Avacuna:
Avacuna LLC (Avacuna) is a provider of integrated governance, compliance, security assessment and risk advisory consulting services. Focus areas include information systems life cycle management, general computer controls, internal audits, security strategies and regulatory analysis. Avacuna leverages the transactional value creation potential of governance frameworks to transform underutilized knowledge capital into competitive advantages and improved valuations for its clients.
###
Contact
Avacuna LLC
Tom Leh
954-719-5126
www.avacuna.com
Tom Leh
954-719-5126
www.avacuna.com
Contact
Categories