Governance, Risk and Compliance (GRC) is an emerging topic in the business and information technology world. However, to this day the concept behind the acronym has neither been adequately researched, nor is there a common understanding of it among professionals. The research at hand provides a frame of reference for research on integrated GRC, derived from the first scientifically grounded definition of the term. By means of a literature review, the authors merge observations, an analysis of existing definitions, and results from prior surveys to derive a single-phrase definition. The definition is evaluated and improved through a survey among GRC professionals. Finally, a frame of reference for GRC research is constructed.