
Manage Tomorrow's Surprises Today

Steven Minsky

IT Governance: Retailers Struggle with Data Breaches


Sally Beauty Holdings confirmed last week that its payment card systems had been compromised, but did not disclose the extent to which data had been breached.

The Texas-based retailer is the latest in a string of security incidents that includes Target and Sony Pictures, and comes a year after the company disclosed a breach of 25,000 customer records.

If the risk is high, and the best practices of organizations like NIST, ISO, and SANS are well known, then where are the gaps in these organizations' governance programs that must be addressed?

The likely culprit is a failure to effectively manage IT controls, testing, and governance activity within a standardized and communicable format. Many organizations appoint silos to manage a subset of organizational risk, like IT security, without equipping that silo with the ability to interact with its related components, like the vendors that supply its internal applications. The result is either inefficiency - a redundancy of assessments or data collection - or a gap in the governance program that can be exploited by criminals.

In order to surface the institutional knowledge that is collected at the front lines, IT security managers must be equipped with IT risk management software that can elevate their concerns when appropriate and allow them to prioritize and act on the most pressing risks. While a single individual may be capable of implementing a manual process that adheres to a particular governance framework, it's far more effective to have that individual manage the process in an automated solution that can centrally manage and report on IT assets, applications, incidents, and risk assessments.

Learn more about LogicManager's Cybersecurity Solution, included in our Enterprise Risk Management Software Platform, or download our annotated guide on the SEC's Cybersecurity Best Practices.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania's Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
