Comments for The Technology Side of GRC

Comment on Risk-Based Approach to Vulnerability Management – Close the Loop by Tweets that mention Risk-Based Approach to Vulnerability Management – Close the Loop « The Technology Side of GRC -- Topsy.com

Mon, 19 Apr 2010 16:55:42 +0000

[...] This post was mentioned on Twitter by Norman Marks, Pravin Kothari. Pravin Kothari said: Risk-based approach to Vulnerability Management – closing the loop with GRC http://bit.ly/cXWjeW [...]

Comment on Is it Out-of-The-Box or Customized Application? Think Upgrade! by wyzen

wyzen — Tue, 01 Dec 2009 19:40:10 +0000

Nice article Pravin – this is an excellent read for anyone looking to purchase an enterprise application.

In my experience, I have seen two classes of enterprise applications. The first involve those built on an application platform (like SAP, Oracle Apps, etc) – and the second that are fully-custom developed each time around.

For the first class of applications – there are about two or three ‘levels’. First, there is the application platform or infrastructure itself. This can include web servers, workflow engines, portal infrastructure, presentation & reporting engines, etc. Then come the pre-assembled applications based on this infrastructure. And finally, there is ‘content’ which can be loaded into the applications.

I tend to see platform & infrastucture upgrades as critical to ‘stay in touch with the times’.

Modifications to the applications themselves tends to fall along the lines of what you have written about. Basically – if you REALLY want to do it – then do so with your eyes open. There are rarely ‘magic bullets’ that will let you customize the application logic AND upgrade easily too.

Upgrades to the content make sense only you have not directly modified & repurposed the content to your own specific purposes. In cases where content is reference material, pre-built data connectors, etc – then the need for an upgrade path is clear too.

Regards.

Comment on Is it Out-of-The-Box or Customized Application? Think Upgrade! by pkothari

pkothari — Mon, 16 Nov 2009 04:20:33 +0000

OOTB is an architectural approach. Content and template obviously will make deployments even more easy. Quality content and template need to be vertical specific or domain specific. Unless a software vendor has the size of Oracle or SAP, it cannot bring vertical expertise from every vertical, or even most major verticals. This is where partners play a key role. Partner bring vertical and domain expertise to an deployment. Agiliance has some very key partners, both large and boutique partners.

Comment on Is it Out-of-The-Box or Customized Application? Think Upgrade! by angelo337

angelo337 — Mon, 09 Nov 2009 12:41:10 +0000

Hi there
Iam not sure about OOTB in agiliance, i like your article, however in a OOTB approach should not be more Wizards and templates for more industries? as many customer is asking about it?
sometimes you get very frustrated trying to implement Agiliance and no template or wizard is available.
regards

Comment on Collaboration and….. why not SharePoint? by pkothari

pkothari — Wed, 26 Aug 2009 05:04:55 +0000

You are correct. All that is achievable with custom development and integration. A good GRC platform can offer an out-of-the-box integrated platform and avoid customization. Of course no out-of-the-box product can match the infinite flexibility of a customization project. Each options has advantages and disadvantages. Each company must decide what is must-have requirement and the corresponding cost of meeting that requirement. There is no universal one-size-fits all solution.

Comment on Collaboration and….. why not SharePoint? by rseiersen

rseiersen — Wed, 26 Aug 2009 04:24:52 +0000

New customer and all…..

I agree that outta the box workflow in sharepoint is quite basic. But its not to difficult to go deeper using sharepoint designer…or much deeper using visual studio and cutting serious state engine based workflow.

For my part, I would encourage integration with sharepoint, particularly the workflow capabilities. Workflow foundation, which backends is rohbust and has serious investment….it would be an easy soap integration imho. Just like your remedy integration…this would be a very serious value add……(remedy is not workflow…its ticketing of course)

In short, Stateful worklows can play a huge part in grc risk processes and I would argue that leveraging best of breed workflow like MWF with sharepoint integration should not be overlooked.

Comment on Control Automation by links for 2009-08-07 • Bare Identity

links for 2009-08-07 • Bare Identity — Sat, 08 Aug 2009 00:01:42 +0000

[...] Control Automation « The Technology Side of GRC "Process automation is a critical component of GRC automation, but it’s only 1/3 of the whole story. The other 2 are Control Automation and Remediation Automation." (tags: itgrc automation agiliance pravinkothari) [...]