IT GRC is the next evolution for the Enterprise Security Organization

Great write-up and perspectives from the GRC guru, Michael Rasmussen; What is IT GRC?

-snip-
Interestingly enough, I was at an event last week of a dozen senior IT executives and we discussed this concept of IT-GRC. These were all Fortune 500 firms. Going around the room each was spending on average 5-6% of their IT budget this year on IT-GRC. A few were lower than this in the 2-3% range while one, who was significantly working on their IT-GRC strategy, was spending about 12% of their IT budget on IT-GRC.
-/snip-

Bottom line, the solutions in the IT-GRC space continue to mature and evolve, BUT the truth is - they can and will help save Fortune 500 IT Security organizations money through automation today! There is no reason a Fortune 500 company should be spending this much of their IT budget on IT-GRC when these products today significantly reduce the amount of manual labor (consultants) performing these governance, risk & compliance duties.