An integrated approach comprising three principles ensuring an organisation operates in proper conduct in accordance with risk appetite and conformancewith information security requirements through the alignment of information security objectives with business objectives. Information Security Governance, Risk and Compliance enables an organisation to:

1. Understand and prioritize expectations by assessing information security risk that can have impact to organisational functions;
2. Achieve information security objectives, maximize business opportunity and ensure business resilience while protecting information value;
3. Operate in proper conduct within regulatory, contractual and internal information security requirements;
4. Provide reliable information to relevant internal and external stakeholders; and
5. Measure the effectiveness of information security controls in meeting the organisation information security objectives

Using researches based on reputable information security journals, news on information security trends, references on relevant international standards andglobal best practices, CyberSecurity Malaysia has developed the Information Security Governance, Risk and Compliance Health Check Assessment –ISGRiC.

ISGRiC, is a detailed assessment of information security governance, risk and compliance, web-based application that can assist you to:

1. Understand the positioning of current organisation information security posture and preparedness
2. Measure organisation’s level of readiness and initiatives in information security governance, risk management and compliance
3. Identify and evaluate current gaps of information security controls thus helps to manage information security threats and challenges faced by the organisation
4. Determine appropriate preventive controls and strengthen weak controls thus reducing information security incidentsCCC