Information Security in Context
The CISO as a Transformational Role in Risk Management
Executive Summary
When an organization treats information risk as a silo, disconnected from other enterprise risk areas that do not collaborate with each other, it cannot make intelligent risk decisions that could affect business strategy and operations. Risk management maturity increases as the ability to connect, understand, analyze, and monitor the interrelationships and underlying patterns of performance, risk, and compliance across the business grows. Organizations require complete situational and holistic awareness of information risk management across operations, processes, relationships, systems, transactions, and data to see the big picture of risk and its impact on performance and strategy. Understanding and managing risk in today’s environment requires a new paradigm for managing the interconnections and relationships of risk, particularly information risk. Given the pervasive use of information and technology across the organization, it is a natural path for information security to step up and lead enterprise risk management strategies. CISOs need to stay on top of their game by monitoring information security risk to their organization both internally (e.g., operations, processes, systems, and data) and externally (e.g., threat, competitive, legal, and geographic environments) to stay competitive in today’s economy. Organizations must understand information security risk and make risk-informed business decisions to effectively manage risk across the enterprise.
Table of Contents
- Information Security at the Center of Risk Chaos
- Inevitable Failure: Managing Information Risk in a Silo
- IT Risk in Context of Enterprise Risk Brings Agility
- Aligning IT Risk in the Context of Business
- CISO as a Leader of Operational Risk Management
- Technology Enables the CISO in Leading Risk Management
- Benefits the CISO Can Expect in Leading Risk Management
- GRC 20/20’s Final Perspective
- Action Items the CISO Must Take to Lead Risk Management
- About GRC 20/20 Research, LLC
- Research Methodology
Author
Michael Rasmussen, the GRC Pundit at GRC 20/20 Research, is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise in GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor, and is noted as the “Father of GRC”, being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.