Video: Managing GRC with JupiterOne

George Tang has recorded a series of videos to show how JupiterOne can be used for GRC. In this session, George covers the usage of policies and procedures within J1 for compliance purposes. 

Not only as the foundation of your security program, but also your compliance program, you'll want to confirm you have a standardized set of policies and procedures for your organization. Within the Policies App, JupiterOne provides nearly three dozen standard security policies that are applicable to most organizations. Each of the policies has one or more procedures associated with each policy. 

During the initial J1 account setup, your admin was given access to the Policy Builder UI. Any changes to your company, officers within your company, or various security and technology tooling can be done through this interface. Updating this information will tailor your policies and procedures so that they are specific to your organization. Documentation for policies and procedures can be appended to, deleted or edited directly from within the J1 interface, including revision and tracking functionality. This documentation can be exported from JupiterOne as a pdf or zip file. 

Watch the video to see George step through the interface. If you like what you see, setup your free account and test it out yourself. 



For more videos in this series, plus a 15 part series on interrogating your AWS environments with JupiterOne, join us at Command Central for full access. 


Posted By George Tang

I possess extensive senior information security leadership experience from serving hundreds of clients by assessing, designing, and implementing security + enterprise risk management programs. I assess + advise companies (from Fortune 5 to pre-seed startups) on their businesses', products', and environments’ security architectures. Additionally, I own a rare blend of technical subject matter expertise within the cloud technology space across the major hyperscale cloud service providers, i.e., AWS, Azure, GCP, specifically within the infrastructure security domain. Background: information security, cloud security, cyber security, governance/risk/compliance, assessments + advisory, risk management/risk assessment.

To hear more from George, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.