GRC mainly entails conducting risk assessments, audits as well as risk management as this greatly helps in improving the company's security posture as well as protecting the company's assets . Grc analysts main roles require them to also identify the threats , vulnerabilities that can be exploited by unauthorised users in case the controls recoommended are not adopted. i have learnt through this course that companies are mandatorily required to comply with different frameworks that apply to that industry and non compliance may result in a company being fined or even losing its reputation in case of breach. In US the HIPPA Act helps to protect the patients sensitive data and here controls like access control , encryption among others must be adopted to protect a patients data from being read by unauthorised people. In conclusion ,security breaches have now evolved to include AI and as a result companies should ensure the implementation of several controls so as to help mitigate risks that come with this evolution .

https://www.sans.org/information-security-policy/access-management-policy