Governance, Risk and Compliance: Demystifying the Risk and Data Privacy Landscape is a must-read for security leaders, risk professionals, auditors, policy makers and students aspiring to enter the cybersecurity and governance domain. It bridges theory and practice, offering a strategic lens on security that is both rigorous and pragmatic for professionals, leaders and learners who want to participate and lead confidently in a digital-first economy where trust and resiliency are currencies. 

  • Understand the fundamentals of Governance, Risk & Compliance
  • Navigate complex regulatory landscapes with confidence
  • Build security programs that align with business goals
  • Explore the strategic role of Enterprise Security Architecture
  • Master data privacy beyond “just protecting data”

It bridges theory and practice, offering a strategic lens on security that is both rigorous and pragmatic via:

  1. Holistic Approach: My book moves beyond siloed thinking, integrating GRC with ESA and Data Privacy into a unified framework. The emphasis on aligning security with business objectives is refreshing and practical.
  2. Interdisciplinary Insight: A standout feature is the incorporation of Social Sciences - e.g. Anthropology, Sociology, Psychology and Criminology - into security discourse. This human-centric perspective enriches technical strategies with cultural and behavioural understanding.
  3. Actionable Guidance: My book offers clear frameworks (ISO 31000, ISO 27005, COSO, COBIT, SABSA, NIST CSF) and practical tools for implementing risk management, compliance programmes, and adaptive security architectures. Metrics such as KPIs, KCIs, and KRIs are explained with examples, making governance measurable rather than aspirational.
  4. Timely Topics: Chapters on GRC automation, AI ethics, and data privacy regulations (GDPR, CCPA, PDPA) address pressing challenges. The discussion on adaptive security and automation reflects the realities of digital transformation and regulatory flux.
  5. Accessible Style: Despite covering complex subjects, I avoid jargon and use relatable analogies, making the content approachable for non-technical readers.

Highlights include:

  • Chapter 1: Bridges Social Sciences and Information Security, offering unique insights into attacker psychology and organisational culture.
  • Chapter 4: Provides a roadmap for building business-aligned security programmes, emphasising governance principles and leadership engagement.
  • Chapter 6: Explores automation in GRC, detailing benefits, challenges, and ethical considerations of AI-driven compliance.
  • Chapter 8, written by Robert Campbell: Positions ESA as a strategic asset, not a technical afterthought, and introduces SABSA’s layered architecture for lifecycle integration.
  • Chapter 7: Delivers a robust treatment of data privacy, governance, and lifecycle management, contextualised within global regulatory frameworks.

It provides a practical roadmap to:

  • Embed security by design across the enterprise lifecycle
  • Align risk management with business goals
  • Leverage automation and adaptive architectures for real-time resilience
  • Transform compliance into a catalyst for innovation

📖 Available now from: 

  • CRC Press (under Routledge, part of the Taylor & Francis Group)
  • Amazon (.co.uk)
  • Amazon (.com)
