Why Compliance and IT Risk Management Shouldn’t Take Up All Your Time
Cyber security managers spend a lot of time on IT risk management and regulatory compliance.
In fact, in a recent survey by TechTarget, 34 percent of respondents said IT risk management took up most of their time, while 25 percent said regulatory compliance did. In 2016, 23 percent of senior IT executives expect compliance to be their primary focus, while 18 percent believe risk management will be.
Ryan Barrett, vice president of security and privacy at Intermedia, told SearchSecurity why risk management can be so time-consuming, but worthwhile.
“It involves constantly measuring risk (which is subjective), guessing at the likelihood (also subjective) and coming up with a plan to mitigate the risk. Following that risk from the beginning (identification) to the end (mitigation) can be long and boring,” Barrett said. “It’s not the sexiest part of information security, but it truly can yield some tangible results in keeping the business safe. The road may be long, but it’s worth traveling.”
With brand reputation, fines, investigations and much more on the line, compliance and risk management are high priorities in most organizations, and, thus, warrant substantial resources. However, as the TechTarget study suggests, these programs have become an enormous time-suck for IT teams that have many other security issues to worry about.
Fortunately, there is an alternative to the old ways of managing risk and compliance that can reduce the time burden and cost of these programs. Many organizations are finding that purpose-built GRC solutions help navigate the path to meaningful and actionable risk data, all the while maintaining compliance and an audit trail.
GRC solutions help IT teams simplify IT risk management and regulatory compliance by:
- Centralizing IT risk management and compliance data. Not only does this save the time lost switching from one tool to another and employees duplicating work, but it also provides the ability to link data and garner insights that weren’t available before.
- Automating as much as possible. Compliance mapping, assessments, risk scoring, task delegation — these are all laborious processes that can be automated to save substantial staff time.
- Ensuring apps are talking to one another. Being able to link and compare data from different applications for big picture analytics is key to a successful IT risk management program.
- Providing flexible reporting capabilities. Users can create a variety of interactive reports (bar charts, pie charts, heat maps, tree maps and more) in real time, with drag-and-drop functionality.
For more information on how you can strengthen your IT risk management and compliance programs while saving time and money, check out Bring Order to the Chaos of IT Risk Management.