9-16-2013.jpg?width=300Online media outlet TechTarget recently visited the 2014 Advanced Cyber Security Center (ACSC) conference right in our hometown of Boston, MA. Their findings? A successful cybersecurity risk management framework must be built around “Coordination. Cooperation. Collaboration.”

"You are not going to eliminate the risk of attacks, you are going to manage the risk," said Michael Chertoff, former secretary of the U.S. Department of Homeland Security. Chertoff directed organizations to focus on threat management - i.e. the identification, prioritization, and mitigation of risk.

Chertoff also highlighted another fundamental of Enterprise Risk Management: shared, cross silo intelligence.

The experts say that Cyber Risk Management must be governed by an ERM software. Risk can materialize from anywhere across the enterprise, and the experts at ACSC correctly identified areas like the supply chain, gaps in IT infrastructure, and front line employees as potential sources of risk.

Aggregating, prioritizing, and mitigating risk in these areas requires ERM software capable of managing information across functions, and involving individuals in the risk management process that would not typically communicate their knowledge in an actionable manner.

In other words, ERM and Cyber Risk Management programs cannot be another silo of enterprise governance, and regardless of which standards and framework you choose, involving individuals at the front lines of the organization must be a priority.

Finally, past disruptive events, like the Heartbleed OpenSSL flaw, demonstrated a need for a cross-silo approach to assessing the control environment of an organization. While you can never be perfect, learning from the past to prepare for the future enables organizations to more effectively respond to new and emerging threats. ERM software provides a virtual “Health Check” at the activity level where the risk will materialize, allowing you to see where your organization stands in relation to the earlier stages of your program, and providing metrics to measure risk management effectiveness.

Read our annotated guide on SEC Mandated Cybersecurity Best Practices to learn how best to manage cyber risk from all areas of the enterprise.

Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!