Other #GRCchat recaps
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Setting goals for information governance and determining the most important features of a proper risk management and compliance program are colossal tasks -- training everyone to understand what's going on is a whole other animal. SearchCompliance set out to get advice from tweet jam participants about all this and more during our inaugural #GRCchat.
In our first ever #GRCchat, participants stressed the need for top-down support for information governance and stressed the value of a knowledgeable governance, risk and compliance (GRC) team. To recruit support for security efforts and guarantee that employees have the appropriate know-how, information governance training should be an enterprise requirement. We asked our Twitter followers:
The first string of responses addressed the first part of our question, shedding light on the information governance training necessary to proper risk management and compliance:
A3 Emp's need education re: their responsibility in life cycle of info they create, eg classifying, storing, context tagging #GRCchat— Derek Gascon (@InformaZen) January 16, 2014
A3 base training on roles and present based on current risk areas. #GRCchat— Randy Moeller (@RJMrim) January 16, 2014
According to our #GRCchat participants, employees carry a large degree of responsibility for properly storing the information they create -- an obligation they might not be aware of pre-training.
Once security professionals establish parameters for information governance training, they must next determine how much training is enough, and at what frequency. The first to sound off in our chat was information security professional Elliott Franklin:
A3 Training should be done often if only to update on new threats - constantly evolving and getting more sophisticated. #GRCchat— Ben Cole (@BenjaminCole11) January 16, 2014
Information governance training could be worthless if IT is unable to verify that the efforts have a positive impact on organizational security. Editorial Director Christina Torode delved further with one chat participant:
#grcchat A3 - Just as important for training is effectively measuring the impact it is actually having.— Keith Cerny (@kcerny) January 16, 2014
How often does information governance training occur at your organization? Who is on the invite list for these vital GRC sessions? Sound off in the comments section below.