Current risk and policy management tools have continued to evolve, year after year offering new features and increasingly interesting approaches. There is some overlap with the tools we feature this month, but they fall into two main subcategories: GRC solutions and policy management tools.

GRC solutions are designed to help assure an organization achieves its objectives, addresses risk and operates with integrity. Features of most traditional tools manage compliance workflows, risk analytics and custom compliance reporting. Tools in this subcategory understand multiple popular standards, such as ISO 270001, NIST 800 series, PCI-DSS and GDPR, with the ability to cross map these controls to one another, which makes life easier for organizations tracking multiple standards.

Policy and risk management tools take a different approach. They integrate with technology and assess risk based on network or system behavior. These tools have taken off in popularity the past few years. Most can review routing tables, firewall policies and network traffic to build a dynamic network map to understand the impacts of applications and systems on the enterprise network.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.