
Elevating governance, risk and compliance throughout the software development life cycle with digital risk management

By Boris Khazin
August 17, 2021

Despite being a guiding force for most enterprises’ security initiatives, today’s approach to governance, risk and compliance (GRC) is still primarily a manual process. While a necessity, driven by ever-evolving rules regarding privacy, the environment and cybercrime, traditional GRC approaches often fall short, particularly as risks increase and the inability to mitigate them comes with dire consequences.

With a tendency to rely on people more than technology, current practices are often implemented after a risk or a new regulation is identified, which is why digital risk management (DRM) is critical. As a more encompassing and modern approach that extends not only GRC capabilities but also Integrated Risk Management (IRM) and Enterprise Risk Management (ERM), DRM provides new tools and techniques that risk professionals can interweave into operations and technology with unprecedented detail to strengthen the enterprise.

 

Bringing risk management into the software development life cycle

Building DRM into new initiatives creates an integrated system, brings upfront value and sets the stage for constant improvements in the future. Implementing DRM can also help address concerns and improve decision making throughout the six phases of the Software Development Life Cycle (SDLC), which include the following:

  • Planning: The SDLC begins with a project plan, followed by assessing the market for the viability of the product or service and getting feedback from those who will purchase it, as well as from industry experts. With the goal of implementing the project with the fewest roadblocks, potential risks are identified in this stage.
  • Requirements Analysis: Design requirements of each software feature and capability that the software must include within its full implementation are listed at this stage.
  • Prototyping: At this stage, architects develop one or more design approach plans, identifying key technologies to use and desired toolsets to build the product. 
  • Software Development: The product enters the actual development stage, where features are implemented based on the previously established requirements and design phases.
  • Software Testing: Quality assurance finds and reports software defects and retests.  
  • Deployment and Maintenance Stage: The product is launched to the market. As necessary, software defects are remediated, and new product features become available based on market feedback.

Incorporating DRM throughout the SDLC enables organizations to develop software while anticipating and mitigating relevant risks throughout its life cycle. With assessment an integral part of the SDLC process, enterprises can quickly address internal risks for developing the project while anticipating any outside risks (e.g., data privacy, cybersecurity), as well as required compliance with both regulatory and internal policies and procedures. Because DRM focuses on working agilely, it also promotes and fosters a shared responsibility among all those involved in planning and developing the product.

Here are the key benefits at a glance:

  • Increases efficiency and transparency while empowering staff at every level to identify and consider potential risks 
  • Automates time-consuming tasks that require hours of staff power at a high cost, with digital processes frequently running to spot risks and anomalies early on
  • Brings risk management in as an active participating stakeholder within Agile/SCRUM development teams
  • Identifies overlapping redundancies within different silos and condenses them to one process 
  • Increases an organization’s competitiveness and agility
  • Reduces costs by freeing up staff to monitor dashboards rather than just crunching the numbers

 

Things to consider before implementing DRM

As an organization’s technology portfolio broadens and more processes are automated, it’s crucial to ensure new security vulnerabilities aren’t unintentionally being created along the way. In business, the constant push to evolve can sometimes mean skimping on documentation and auditability, leaving those hidden trails at the edges (where subcontractors are involved on multiple projects, for example).

Before putting a DRM strategy in place, create a map of current digital tools and the protocols around them. In some cases, adopting DRM is a quick step along an organization’s maturity path. It may be adopting a few new tools and processes and creating or reassigning new roles to accomplish them. In other cases, it may take a bit of an effort and require significant changes. 

Also, consider what new roles may be required:

 

DRM Analyst 

Benefit: DRM concerns are brought to the development team’s attention when initially writing specifications so the team anticipates any potential risks, governance or compliance issues that the new features might necessitate. The analyst also answers any questions during the team’s Sprint Planning session.

 

DRM Quality Assurance (QA)

Benefit: Depending on the scope of work, QA team members’ quality checks verify that governance, risk and compliance defects are caught and remediated during the development phase, so the product is released to the market on time while meeting those requirements.

DRM is no longer big brother watching over teams with mysterious processes but rather a way to address risk concerns and their importance to the product’s overall success. Even more, it can motivate and inspire teams to look for issues proactively.

For most companies, the best step forward would be to partner with a trusted DRM vendor that has the experience needed to make this digital transformation as seamless as possible. This vendor would understand all the moving parts and how to interweave them into developing a DRM strategy that serves your specific business case.

 

Conclusion

This digital transformation provides tremendous opportunity, and DRM vendors have rich offerings for prophylaxis, surveillance, machine anomaly prediction and resolution platforms. The benefits and value of migrating to Digital Risk Management (DRM) and “compliance as a code” within a Software Development Life Cycle (SDLC) environment will set the stage and provide an elevated product. 

With tremendous opportunity, however, comes tremendous responsibility. The more multifaceted the world becomes, the harder it is to achieve something meaningful alone. Ultimately, the goal is to get the most out of your risk dollar with the least disruption to your stakeholders. 

Just as adopting Agile and DevOps required broad cultural acceptance of significant changes to the organization, so will DRM. Your GRC team and processes are currently siloed, with barriers erected between them and the rest of the organization.

Above all, find a partner, an advisor you can trust to work with precision on a roadmap. Design a risk program that helps the organization balance agility with safety. This will enhance the way GRC/IRM/ERM teams confront risk by bringing DRM into the forefront of this technological evolution.

 

KEYWORDS: compliance tools cyber security governance risk information security risk management

Boris Khazin is Global Head of Digital Risk Management/Governance, Risk and Compliance at EPAM Systems. Khazin has more than 20 years of management, consulting and product development experience in the financial services and fintech sectors. During his tenure at EPAM, he has led several GRC, business intelligence, enterprise analytics and organizational capability/maturity assessments to help clients identify, define and prioritize frameworks that guide them toward a desired future state. From this, he has developed a keen understanding of opportunities and challenges that arise when organizations adapt to change.
