<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Grc on Rishipal Yadav · not your CISO</title><link>https://rishipalyadav.github.io/tags/grc/</link><description>Recent content in Grc on Rishipal Yadav · not your CISO</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>© 2026 Rishipal Yadav</copyright><lastBuildDate>Thu, 24 Apr 2025 00:00:00 +0000</lastBuildDate><atom:link href="https://rishipalyadav.github.io/tags/grc/index.xml" rel="self" type="application/rss+xml"/><item><title>The Audit Room Has Two Stories And Neither Is the Full Truth</title><link>https://rishipalyadav.github.io/posts/audit-room-two-stories/</link><pubDate>Thu, 24 Apr 2025 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/audit-room-two-stories/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published in &lt;a href="https://medium.com/dark-roast-security" target="_blank" rel="noreferrer"&gt;Dark Roast Security&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/the-audit-room-has-two-stories-and-neither-is-the-full-truth-06fb15fe3341" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;Every audit room has two stories playing simultaneously. The auditor walks in with a checklist, a mandate, and the quiet authority of an independent assessor. The auditee walks in with months of prep, a defensive posture, and the knowledge that something will be found — the only question is what.&lt;/p&gt;
&lt;p&gt;The problem is neither side is telling their story particularly well. And that communication gap is where audits go from being useful to being theatre.&lt;/p&gt;</description></item><item><title>ChatGPT Policy for Your Organisation: The CISO's Concern</title><link>https://rishipalyadav.github.io/posts/chatgpt-policy-ciso-concern/</link><pubDate>Sun, 09 Apr 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/chatgpt-policy-ciso-concern/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/chatgpt-policy-for-your-organisation-the-cisos-concern-dcc073fa161f" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;ChatGPT has been a buzzword for some time now. Be it a new product built on top of it or another capability announcement, just when you think the hype has peaked, something new drops. And through all of it, security teams have been quietly scrambling to figure out what their policy actually is.&lt;/p&gt;
&lt;p&gt;This is not a technical breakdown of how large language models work. This is a practitioner&amp;rsquo;s take on the questions a CISO — or anyone responsible for security — needs to answer before their organisation gets too comfortable with ChatGPT in the workflow.&lt;/p&gt;</description></item></channel></rss>