THREATOPS
THREAT OPSThreat News › Completing Compliance with Evidence : A Bottom-Up Approach to NIS2, DORA, and the Cyber Resilience Act

Completing Compliance with Evidence : A Bottom-Up Approach to NIS2, DORA, and the Cyber Resilience Act

lowsynacktiv

GRC (Governance, Risks and Compliance) as it is most often practiced works top-down, you read a piece of regulation, draft a policy, declare coverage, and archive a documentary record. This approach has value, it structures, it documents, it meets an auditor's formal expectations. It also has a known limitation: it mostly reflects what the organization describes and far less easily what actually h

Original source: https://www.synacktiv.com/en/publications/completing-compliance-with-evidence-a-bottom-up-approach-to-nis2-dora-and-the-cyber.html