Lightning Talk: Revolutionize Security GRC: Leverage AI and LLM for Continuous Controls Monitoring - Megha Shah, ComplianceCow

Today, GRC teams struggle to instill a culture of Continuous Controls Monitoring. Typically, they rely on mechanisms such as security questionnaires, email or SharePoint to gather evidence. These aids help them assess compliance, prepare for audits and manage vendor risk assessments. However, they run into difficulties collecting data and evidence because of a lack of standardization, technical complexity, repetitiveness, and insufficient time and resources. We can support our hard-working GRC teams and equip them with the necessary tools by employing an LLM in the following way:

- Creating a machine-readable controls framework in YAML from the policy document.
- Generating a dynamic graph of policies, controls and frameworks based on the YAML.
- Designing a dynamic evaluation questionnaire for users to assess the effectiveness of these policies.
- Deploying this questionnaire using well-known tools like Google Forms for continuous controls monitoring.
- Implementing CEL (Common Expression Language) to calculate the compliance score dynamically based on the evaluation responses.
- Integrating the final results into reports and dashboards for the steering governance committee.
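A worked example of the scoring step in that procedure, added here and not taken from the talk or from ComplianceCow: the controls framework is written as Python data in the shape the YAML would take, each control carries a CEL rule over the questionnaire's answer fields, and a small evaluator for the CEL subset those rules use (an assumed stand-in for a real CEL implementation, which is what production would use) computes the weighted compliance score. Control ids, weights, rules and responses are constructed.

```python
import ast
import operator
import re

# Constructed sample of a machine-readable controls framework in the shape the talk
# describes for its YAML; ids, weights and rules are hypothetical. Each rule is a CEL
# boolean expression over the questionnaire's answer fields.
CONTROLS = [
    {"id": "AC-1", "weight": 3, "rule": "mfa_enabled == true"},
    {"id": "AC-2", "weight": 2, "rule": "access_review_days <= 90"},
    {"id": "LOG-1", "weight": 1, "rule": "log_retention_days >= 365 && siem_forwarding == true"},
    {"id": "VM-1", "weight": 2, "rule": "patch_sla_days <= 14 || compensating_control != ''"},
]
# Constructed questionnaire responses for one assessment period.
RESPONSES = {"mfa_enabled": True, "access_review_days": 120, "log_retention_days": 400,
             "siem_forwarding": True, "patch_sla_days": 30, "compensating_control": "WAF"}

_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}

def _ev(node, env):
    """Walk the parsed rule; anything beyond comparisons and boolean logic is rejected."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return env[node.id]  # KeyError means the question behind this field was not answered
    if isinstance(node, ast.BoolOp):
        vals = (_ev(v, env) for v in node.values)  # generator, so && and || short-circuit
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.Compare) and len(node.ops) == 1 and type(node.ops[0]) in _CMP:
        return _CMP[type(node.ops[0])](_ev(node.left, env), _ev(node.comparators[0], env))
    raise ValueError(f"unsupported construct in rule: {type(node).__name__}")

def eval_rule(rule, responses):
    """Evaluate the CEL subset used above (==, !=, <, <=, >, >=, &&, ||, true/false)
    against the responses, without handing the rule to Python's eval()."""
    src = rule.replace("&&", " and ").replace("||", " or ")
    src = re.sub(r"\btrue\b", "True", re.sub(r"\bfalse\b", "False", src))
    return bool(_ev(ast.parse(src, mode="eval").body, responses))

def compliance_score(controls, responses):
    """Weighted pass percentage plus per-control results; unanswered questions fail closed."""
    results = {}
    for c in controls:
        try:
            results[c["id"]] = eval_rule(c["rule"], responses)
        except KeyError:
            results[c["id"]] = False
    earned = sum(c["weight"] for c in controls if results[c["id"]])
    return round(100 * earned / sum(c["weight"] for c in controls), 1), results
```

The per-control results dictionary is what feeds the reports and dashboards in the last step; the score alone hides which control dragged it down.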