Choose your location to get a site experience tailored for you.

Remember my region and language settings

Cybersecurity Meets IT Risk Management

As the role of technology in corporate operations grows, security vulnerabilities—data theft, leakage of intellectual property, corporate sabotage, denial-of-service attacks—are growing. The damage from attacks like these can affect a company’s profits, reputation, brand, and competitive position. The damage can even affect a company’s viability, as direct costs for data breaches can reach hundreds of millions of dollars.

To fight back, companies must understand the risks they face and develop robust protection systems. . Each transaction should be traceable to an accountable person. The origin and history of each piece of information should also be known and well defined.

To ensure security success, executives should also:

  • Study every angle. Take a systemic and holistic view of IT systems and information and related risks. For example, a bank should focus on end-to-end availability of its client-facing online banking service instead of database, network, or IVR uptime.
  • Be deliberate. Ensure that IT security and risk management processes and principles are incorporated into the company’s corporate processes by design instead of as an afterthought or add-on.
  • Evaluate risks. Understand how much risk the business can afford, rather than how much security can be gained for a given budget. Think about which risks might be worth absorbing rather than mitigating.
  • Create a team. Make sure that IT and information security personnel aren’t at odds. Information security personnel should be advisors to the business. Their job is to ensure that projects meet all security requirements, help the company protect critical information and systems in an economically sensible way, and help projects succeed without any cost to innovation speed.
  • Plan to fail. Acknowledge that, despite best efforts, 100% security is not possible, and that a security breach of some type is likely inevitable. Then prepare accordingly by testing systems and their ability to recover, identify vulnerabilities, and design and test emergency operating procedures and response plans.
  • Look for weaknesses. Use scenario planning and war-gaming to help identify security threats and process gaps, and to design appropriate responses.

Information Life-Cycle Management and Security

Risk Management

IT Delivery and Security

Technology & Digital
Previous Page