Information Security in Context
The CISO as a Transformational Role in Risk Management
Executive Summary
When an organization approaches information risk as a silo, disconnected from other enterprise risk areas that do not collaborate with each other, it cannot make intelligent risk decisions that could impact business strategy and operations. Risk management maturity increases as the ability to connect, understand, analyze, and monitor the interrelationships and underlying patterns of performance, risk, and compliance across the business grows. Organizations require complete, holistic situational awareness of information risk management across operations, processes, relationships, systems, transactions, and data to see the big picture of risk and its impact on performance and strategy. Understanding and managing risk in today’s environment requires a new paradigm for managing the interconnections and relationships of risk, particularly information risk. Given the pervasive use of information and technology across the organization, it is a natural path for information security to step up and lead enterprise risk management strategies. CISOs need to stay on top of their game by monitoring information security risk to their organization both internally (e.g., operations, processes, systems, and data) and externally (e.g., threat, competitive, legal, and geographic environments) to stay competitive in today’s economy. Organizations must understand information security risk and make risk-informed business decisions to effectively manage risk across the enterprise.
Table of Contents
- Information Security at the Center of Risk Chaos
- Inevitable Failure: Managing Information Risk in a Silo
- IT Risk in Context of Enterprise Risk Brings Agility
- Aligning IT Risk in the Context of Business
- CISO as a Leader of Operational Risk Management
- Technology Enables the CISO in Leading Risk Management
- Benefits the CISO Can Expect in Leading Risk Management
- GRC 20/20’s Final Perspective
- Action Items the CISO Must Take to Lead Risk Management
- About GRC 20/20 Research, LLC
- Research Methodology
©GRC 20/20 Research, LLC. All Rights Reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.