
Manage Tomorrow's Surprises Today

Steven Minsky

Experts: Cyber Risk Management Requires Enterprise-Wide Governance


Online media outlet TechTarget recently visited the 2014 Advanced Cyber Security Center (ACSC) conference right in our hometown of Boston, MA. Their findings? A successful cybersecurity risk management framework must be built around "Coordination. Cooperation. Collaboration."

"You are not going to eliminate the risk of attacks, you are going to manage the risk," said Michael Chertoff, former secretary of the U.S. Department of Homeland Security. Chertoff directed organizations to focus on threat management, i.e., the identification, prioritization, and mitigation of risk.

Chertoff also highlighted another fundamental of Enterprise Risk Management: shared, cross-silo intelligence.

The experts say that Cyber Risk Management must be governed through ERM software. Risk can materialize from anywhere across the enterprise, and the experts at ACSC correctly identified areas like the supply chain, gaps in IT infrastructure, and front-line employees as potential sources of risk.

Aggregating, prioritizing, and mitigating risk in these areas requires ERM software capable of managing information across functions and of involving individuals in the risk management process who would not typically communicate their knowledge in an actionable manner.

In other words, ERM and Cyber Risk Management programs cannot be yet another silo of enterprise governance; regardless of which standards and framework you choose, involving individuals at the front lines of the organization must be a priority.

Finally, past disruptive events, like the Heartbleed OpenSSL flaw, demonstrated the need for a cross-silo approach to assessing an organization's control environment. While you can never be perfect, learning from the past to prepare for the future enables organizations to respond more effectively to new and emerging threats. ERM software provides a virtual "Health Check" at the activity level where the risk will materialize, allowing you to see where your organization stands relative to the earlier stages of your program, and providing metrics to measure risk management effectiveness.

Read our annotated guide on SEC Mandated Cybersecurity Best Practices to learn how best to manage cyber risk from all areas of the enterprise.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.


Steven Minsky is the author of the RIMS Risk Maturity Model for Enterprise Risk Management and CEO of LogicManager, the recognized leader of enterprise risk management solutions. LogicManager provides an integrated, intuitive software-as-a-service platform that helps companies make better decisions through risk intelligence for more effective corporate governance, risk and compliance management.
