Governance Risk and Compliance (PPG-GRC)
The world’s most complex problems are often only solved when a consensus of best practices are developed, maintained, and championed by “principled partnering groups” of men and women, of companies large and small, all around the world.
PPG’s managed competencies, best practices, and strategic partnerships in information assurance provide the most rewarding business-to-business engagements through:
Integrity: PPG’s standard operating procedures will afford a rapid organizational alignment by either directly mirroring or mapping to world-class best practices.
Excellence: PPG will apply the greatest rigor to establishing and managing requirements and “due diligence” necessary for successful engagements.
Knowledge: PPG has over sixteen years of experience in safety and security program management for compliance; including designing, developing, managing,
and evaluating GIS for pipeline safety. PPG has several competencies under management engaged with world class accreditation agencies such as PMI and
The PPG Governance Risk and Compliance Management division (PPG-GRC) is a management consulting practice that is passionately committed to the following challenges:
Transportation Security: Providing an intermodal, defense-in-depth, risk-based approach to the protection of critical infrastructure in modes such as maritime, aviation, freight rail, transit, highway, and pipeline.
Cyber Security: Securing cyber networks and helping to guard the broader cyber ecosystem.
Information Security: Defending information from unauthorized access, use, disclosure, disruption, modification, recording, or destruction.
Homeland Security: Understanding vulnerabilities to terrorism by modeling the anatomy of attacks.
The PPG-GRC practice supports programs in the following key stages for design, development, management, and evaluation:
Governance Management: Establish broad requirements for effective information security governance, the elements and actions required to develop an information security strategy, and an implementation plan of action.
Risk Management: Identify, analyze, quantify, report, and manage information security-related risk to achieve business objectives through a number of tasks utilizing key risk management techniques, methods, and matrices that define information security risk within a larger context of organizational risk.
Compliance Management: Monitor, track, and report key indicators of goal, risk, and performance needed to ensure policies, procedures, and standards are followed.
Program Development, Management, and Evaluation: Establish a series of projects and initiatives to achieve objectives the information security strategy is designed to address as well as ongoing management and administration. Notable are evaluations built upon attack modeling, the Department of Homeland Security’s Homeland Security Exercise and Evaluation Program (HSEEP), and Cyber Security Evaluation Tool (CSET).
PPG-GRCs transparent, defensible processes support all managed competencies, best practices, and principled partnerships.
Competencies: Research and practice to retain or gain credentials from some of the most respected accreditors in the world including but not limited to NSA, ISACA, PMI, ASIS Int., and GISCI. Research and development in “principled partnerships” toward continuous improvement of these bodies of knowledge.
Practices: Best practices are the bedrock of transparent, defensible processes.
Partnerships: Complex processes formed into a consensus of best practices developed, maintained, and practiced in concerts of “principled partnering groups”.