From the course: Governance, Risk, and Compliance (GRC) Essentials by Pearson
Defining the system and its boundaries
In the previous lessons, we explored the fundamentals of GRC and how to establish a compliance program. Now we'll turn to an essential step: defining the scope of your system. This process lays the foundation for everything from risk assessments to control implementation. Defining the system scope ensures that, one, you understand what assets and processes are in play; two, your organization's risk and compliance requirements are accurately identified; and three, your efforts and resources are focused on the most critical areas. For example, imagine you're tasked with securing your organization's payment processing system. If you don't clearly define the boundaries, like the servers, databases, and APIs involved, you risk leaving vulnerabilities exposed. To define your scope, you need to identify the key components of the system. Let's break this down into three main areas. First is system purpose, which is all about what the system does. For example, a payroll system would be in scope for…