this post was submitted on 17 Feb 2026
4 points (100.0% liked)

Pulse of Truth

2322 readers
130 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth
4
Is Your GRC Program Really Reducing Risk? (www.bankinfosecurity.com)
submitted 4 days ago by lemmydev2 to c/pulse_of_truth
1 comments fedilink hide all child comments
 

CISO Sean Atkinson on Moving From 'GRC Theater' to Continuous GRC EngineeringAs NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.

you are viewing a single comment's thread
view the rest of the comments
[–] smeg 3 points 4 days ago

GRC has always been theater. Companies want to move faster than control operators can build and maintain, so there are inevitable gaps and shortcomings. And now with everyone feeding corporate data into AI platforms who are definitely not protecting the data, access controls are basically a moot point.