Online media outlet TechTarget recently visited the 2014 Advanced Cyber Security Center (ACSC) conference right in our hometown of Boston, MA. Their findings? A successful cybersecurity risk management framework must be built around “Coordination. Cooperation. Collaboration.”

"You are not going to eliminate the risk of attacks, you are going to manage the risk," said Michael Chertoff, former secretary of the U.S. Department of Homeland Security. Chertoff directed organizations to focus on threat management - i.e. the identification, prioritization, and mitigation of risk.

Chertoff also highlighted another fundamental of Enterprise Risk Management: shared, cross-silo intelligence.

The experts say that Cyber Risk Management must be governed by ERM software. Risk can materialize from anywhere across the enterprise, and the experts at ACSC correctly identified areas like the supply chain, gaps in IT infrastructure, and front-line employees as potential sources of risk.

Aggregating, prioritizing, and mitigating risk in these areas requires ERM software capable of managing information across functions and of involving in the risk management process individuals who would not typically communicate their knowledge in an actionable manner.

In other words, ERM and Cyber Risk Management programs cannot be another silo of enterprise governance, and regardless of which standards and framework you choose, involving individuals at the front lines of the organization must be a priority.

Finally, past disruptive events, like the Heartbleed OpenSSL flaw, demonstrated a need for a cross-silo approach to assessing the control environment of an organization. While you can never be perfect, learning from the past to prepare for the future enables organizations to more effectively respond to new and emerging threats. ERM software provides a virtual “Health Check” at the activity level where the risk will materialize, allowing you to see where your organization stands in relation to the earlier stages of your program, and providing metrics to measure risk management effectiveness.

Read our annotated guide on SEC Mandated Cybersecurity Best Practices to learn how best to manage cyber risk from all areas of the enterprise.

Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
