this post was submitted on 17 Feb 2026
4 points (100.0% liked)

Pulse of Truth

2318 readers
87 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth
4
Is Your GRC Program Really Reducing Risk? (www.bankinfosecurity.com)
submitted 3 days ago by lemmydev2 to c/pulse_of_truth
1 comments fedilink hide all child comments
 

CISO Sean Atkinson on Moving From 'GRC Theater' to Continuous GRC EngineeringAs NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.

top 1 comments
sorted by: hot top controversial new old
[–] smeg 3 points 3 days ago

GRC has always been theater. Companies want to move faster than control operators can build and maintain, so there are inevitable gaps and shortcomings. And now with everyone feeding corporate data into AI platforms who are definitely not protecting the data, access controls are basically a moot point.