RSA Conference Highlights Risk Management and the Board

Information security professionals from around the globe gathered at the RSA Conference in San Francisco earlier this month. Among the topics discussed, one stood out as a major priority for 2016: the relationship between the executive board and risk. This includes how aware boards are of risk in their organizations, how technology plays into this relationship and how effective risk management can drive better decision-making.

Boards are increasingly focused on and attuned to IT risk. Yet CISOs and CIOs struggle to communicate relevant IT risk data to board members, especially when it comes to providing evidence and context around IT risks. CISOs and CIOs need to give their boards concise and accurate risk snapshots that incorporate IT risk into the overall risk posture and show the potential business and bottom-line impact.

By linking IT risks to business objectives, processes and goals, the board can place a dollar amount on these risks and better understand the impact on organizational growth.

At the RSA Conference, CIOs and CISOs were evaluating solutions that can aid this process. Many were considering governance, risk management and compliance (GRC) solutions, which aggregate data from both the operational and IT sides of the business to provide that context efficiently.

The C-Suite is also responsible for aligning technology strategies with business objectives. Often, departments purchase solutions to solve an immediate need without looking at the big picture or at what the departmental or organizational needs will be in the future. This leads to inefficient use of resources and funds, for which executives will ultimately be held responsible.

By ensuring that new and existing technologies align with business objectives, strategies and goals, the C-Suite can reduce technology redundancy and maximize budgets. These strategies and objectives are no longer separate goals; they are becoming interdependent as technology and information security become an underlying strategy and objective of the organization as a whole. Aligning IT and business strategies, objectives and goals fosters an information-sharing, collaborative risk management and compliance culture, as opposed to independent and siloed efforts.