-
Research/Technical Note
Automating Governance, Risk, and Compliance (GRC) in Cloud Computing: A Case Study on ServiceNow and NIST Framework Integration
Vara Prasad Pinninti*
Issue: Volume 13, Issue 4, December 2025
Pages: 77-86
Received: 20 July 2025
Accepted: 11 August 2025
Published: 18 October 2025
Abstract: The rapid adoption of cloud computing has transformed organizational operations, offering scalability and flexibility but introducing complex governance, risk, and compliance (GRC) challenges. Increasing regulatory demands, such as GDPR, HIPAA, and PCI-DSS, coupled with rising cybersecurity threats, strain traditional manual GRC processes. These processes are often inefficient, error-prone, and ill-equipped to manage the dynamic nature of cloud environments, leading to compliance violations and heightened risks. As organizations strive for robust GRC frameworks, automation has emerged as a critical solution to streamline compliance monitoring, risk assessment, and policy enforcement, ensuring agility and security in cloud-based operations. This study aims to evaluate the effectiveness of integrating ServiceNow’s GRC platform with the NIST Cybersecurity Framework (CSF) to automate GRC processes in cloud computing environments. The research seeks to demonstrate how this integration enhances audit readiness, reduces compliance violations, and improves real-time risk visibility for organizations. Through a case study of a mid-sized financial institution, we explore the implementation of ServiceNow’s GRC platform aligned with NIST CSF’s core functions (Identify, Protect, Detect, Respond, Recover). The methodology includes deploying automated workflows for continuous compliance monitoring, risk assessment, and policy enforcement. Key features examined include automated evidence collection, real-time dashboards, and incident response automation. The case study reveals a 40% reduction in manual effort for compliance tasks, a 30% improvement in incident response times, and enhanced visibility into risk postures through centralized reporting. These findings highlight the platform’s ability to adapt to dynamic cloud environments while maintaining regulatory compliance. 
The integration of ServiceNow’s GRC platform with NIST CSF significantly enhances organizational GRC capabilities, offering a scalable solution for cloud environments. By automating critical processes, organizations achieve greater efficiency, reduced errors, and improved audit readiness. The study underscores the potential of automation to transform GRC practices, with implications for industries facing stringent regulations. Future enhancements, such as AI-driven predictive risk analytics, could further strengthen proactive risk management. Limitations, including initial implementation costs and training needs, suggest areas for further research to optimize adoption.
-
Research Article
Automated Railway Crossing System Using Multi-Sensor Integration for Enhanced Safety
Issue: Volume 13, Issue 4, December 2025
Pages: 87-93
Received: 2 October 2025
Accepted: 13 October 2025
Published: 31 October 2025
Abstract: Since then, railway-level crossings have become a significant cause of road and rail accidents, claiming dozens of lives each year, not only in Bangladesh but also at every railway crossing in the world. These accidents are increasing alarmingly owing to manual gate operation, staff negligence, and inadequate infrastructure. This situation creates a considerable challenge that must be overcome in a sophisticated way. To neutralize this issue, our project proposes a cutting-edge automated gate control system for railways that opens and closes the rail crossing gates automatically whenever a train is approaching. The system is equipped with advanced features such as obstacle detection, manual control override, and an emergency stop mechanism. It is built to be future-ready with integrations of solar power, IoT, and AI technologies. Moreover, there is also an arrangement to remotely control all the adjacent gates from an intermediate control room. In addition, the suggested system offers a safe and intelligent solution, particularly designed for rural and semi-urban areas in Bangladesh, where conventional railway crossing mechanisms are often outdated or absent. The system intends to significantly reduce the risk of accidents, ensure smoother train operations, and enhance public safety by maximizing automation and innovative technologies in regions that are typically underserved by modern infrastructure. It also holds potential for adoption in other countries facing frequent railway crossing mishaps. Our motto remains clear: "Automation for a Safer Bangladesh."
-
Research Article
Performance Analysis of a CNN-Fuzzy Logic Based Real-time Intrusion Detection for Industrial IoT Systems
Boye Aziboledia Frederick*, Onate Egerton Taylor
Issue: Volume 13, Issue 4, December 2025
Pages: 94-109
Received: 19 September 2025
Accepted: 5 October 2025
Published: 26 November 2025
DOI: 10.11648/j.iotcc.20251304.13
Abstract: The Industrial Internet of Things has enhanced automation, real-time monitoring, and predictive decision-making in modern industries. The study explores the mixed research methods (qualitative and quantitative). However, the growing connectivity of industrial IoT systems has exposed them to severe cyber threats such as Ransomware, MitM, and DDoS attacks, which can disrupt critical operations and compromise safety. Conventional Intrusion Detection Systems (IDS) often face limitations in achieving high accuracy, rapid detection, and low latency while minimizing false alarms. This study proposes a CNN-Fuzzy Logic hybrid model for real-time intrusion detection and prevention in industrial IoT environments. Convolutional Neural Networks (CNN) are employed to extract deep hierarchical features from industrial IoT traffic, while fuzzy logic is integrated to enhance decision-making under uncertainty and reduce false positives. The model was trained and evaluated using Kaggle cybersecurity datasets containing ransomware, MitM, and DDoS attacks. Performance evaluation demonstrates that the CNN-Fuzzy IDS achieves an accuracy of 92.5%, a detection rate of approximately 93%, a false positive rate (FPR) of 2.51%, and a reduced latency with an average of 7.14% total latency (which corresponds to 1.207 µsec average latency), which is very acceptable for most industrial IoT applications. These results highlight the effectiveness of hybrid intelligent systems in enhancing the resilience and reliability of industrial IoT cybersecurity. The proposed model provides a promising pathway for deploying scalable, adaptive, and real-time IDS solutions in critical industrial infrastructures. On system computational overhead, researchers should employ a minimum practical setup with modern multi-core CPU, 8–16 GB RAM, SSD, stable OS (Windows 10 only if hardware is modern) or run a lightweight Linux on edge plus offload heavy tasks elsewhere.
Future research should also focus on optimizing hybrid ML architectures for low performance metrics for deployment of resource-constrained industrial IoT devices, integrating the approach for threat detection, and expanding evaluation to real-world industrial environments.