Research/Technical Note
Automating Governance, Risk, and Compliance (GRC) in Cloud Computing: A Case Study on ServiceNow and NIST Framework Integration
Vara Prasad Pinninti*
Issue: Volume 13, Issue 4, December 2025
Pages: 77-86
Received: 20 July 2025
Accepted: 11 August 2025
Published: 18 October 2025
Abstract: The rapid adoption of cloud computing has transformed organizational operations, offering scalability and flexibility but introducing complex governance, risk, and compliance (GRC) challenges. Increasing regulatory demands, such as GDPR, HIPAA, and PCI-DSS, coupled with rising cybersecurity threats, strain traditional manual GRC processes. These processes are often inefficient, error-prone, and ill-equipped to manage the dynamic nature of cloud environments, leading to compliance violations and heightened risks. As organizations strive for robust GRC frameworks, automation has emerged as a critical solution to streamline compliance monitoring, risk assessment, and policy enforcement, ensuring agility and security in cloud-based operations. This study aims to evaluate the effectiveness of integrating ServiceNow’s GRC platform with the NIST Cybersecurity Framework (CSF) to automate GRC processes in cloud computing environments. The research seeks to demonstrate how this integration enhances audit readiness, reduces compliance violations, and improves real-time risk visibility for organizations. Through a case study of a mid-sized financial institution, we explore the implementation of ServiceNow’s GRC platform aligned with NIST CSF’s core functions (Identify, Protect, Detect, Respond, Recover). The methodology includes deploying automated workflows for continuous compliance monitoring, risk assessment, and policy enforcement. Key features examined include automated evidence collection, real-time dashboards, and incident response automation. The case study reveals a 40% reduction in manual effort for compliance tasks, a 30% improvement in incident response times, and enhanced visibility into risk postures through centralized reporting. These findings highlight the platform’s ability to adapt to dynamic cloud environments while maintaining regulatory compliance. 
The integration of ServiceNow’s GRC platform with NIST CSF significantly enhances organizational GRC capabilities, offering a scalable solution for cloud environments. By automating critical processes, organizations achieve greater efficiency, reduced errors, and improved audit readiness. The study underscores the potential of automation to transform GRC practices, with implications for industries facing stringent regulations. Future enhancements, such as AI-driven predictive risk analytics, could further strengthen proactive risk management. Limitations, including initial implementation costs and training needs, suggest areas for further research to optimize adoption.
Research Article
Performance Analysis of a CNN-Fuzzy Logic Based Real-time Intrusion Detection for Industrial IoT Systems
Boye Aziboledia Frederick*, Onate Egerton Taylor
Issue: Volume 13, Issue 4, December 2025
Pages: 94-109
Received: 19 September 2025
Accepted: 5 October 2025
Published: 26 November 2025
DOI: 10.11648/j.iotcc.20251304.13
Abstract: The Industrial Internet of Things has enhanced automation, real-time monitoring, and predictive decision-making in modern industries. The study explores mixed research methods (qualitative and quantitative). However, the growing connectivity of industrial IoT systems has exposed them to severe cyber threats such as ransomware, MitM, and DDoS attacks, which can disrupt critical operations and compromise safety. Conventional Intrusion Detection Systems (IDS) often face limitations in achieving high accuracy, rapid detection, and low latency while minimizing false alarms. This study proposes a CNN-Fuzzy Logic hybrid model for real-time intrusion detection and prevention in industrial IoT environments. Convolutional Neural Networks (CNN) are employed to extract deep hierarchical features from industrial IoT traffic, while fuzzy logic is integrated to enhance decision-making under uncertainty and reduce false positives. The model was trained and evaluated using Kaggle cybersecurity datasets containing ransomware, MitM, and DDoS attacks. Performance evaluation demonstrates that the CNN-Fuzzy IDS achieves an accuracy of 92.5%, a detection rate of approximately 93%, a false positive rate (FPR) of 2.51%, and a reduced latency, with an average of 7.14% total latency (which corresponds to 1.207 µsec average latency), which is very acceptable for most industrial IoT applications. These results highlight the effectiveness of hybrid intelligent systems in enhancing the resilience and reliability of industrial IoT cybersecurity. The proposed model provides a promising pathway for deploying scalable, adaptive, and real-time IDS solutions in critical industrial infrastructures. Regarding system computational overhead, researchers should employ a minimum practical setup with a modern multi-core CPU, 8–16 GB RAM, SSD, and a stable OS (Windows 10 only if hardware is modern), or run a lightweight Linux on edge and offload heavy tasks elsewhere.
Future research should also focus on optimizing hybrid ML architectures for low performance metrics for deployment on resource-constrained industrial IoT devices, integrating the approach for threat detection, and expanding evaluation to real-world industrial environments.