Involving the C-suite in risk management

Featured eBooks
Space Tech
Read Now

CDM

Read Now

Digital Transformation

Read Now
By Dan Chenok and John Lainhart

By Dan Chenok and John Lainhart

|

Leaders throughout the organization need to join forces to more systematically and proactively address security threats

Executive Team

As the world becomes more digitized and interconnected, the door to emerging threats and proprietary data leaks has opened wider. The number of security breaches affecting enterprises across numerous industries continues to grow, seemingly every day. Once a topic restricted to the IT organization, security is now unquestionably a C-suite priority. A strong plan for risk management throughout the organization has become essential.

Cybersecurity is a core element of risk management in today’s interconnected world. As with other elements of risk, addressing security requires a broader organizational focus than has been the case in many agencies and enterprises. To rely solely on the CIO to control all security matters is like relying on a single firewall to protect against all types of threats.

Now more than ever, each leader in an enterprise must own a significant stake in securing the data and intellectual capital that flows through an organization. The responsibilities for those security issues overlap organizational boundaries, as does the potential damage if things go wrong. For example, corporate chief marketing officers or agency program leaders who focus keenly on reputation could find themselves at risk of losing customer trust and reputation if security violations result in the loss of personal information.

Therefore, C-suite professionals need to unify their efforts in managing risks and balance responsibilities for combating security risks throughout the organization. Leaders should begin by taking three important steps toward building security intelligence:

1. Get informed. Addressing IT security risk should be part of a larger risk management framework. Such a structured approach to assessing business and IT risks includes identifying key threats and compliance mandates, reviewing existing security risks and challenges, implementing and enforcing risk management processes and common control frameworks, and executing incident management processes when crises occur.

2. Get aligned. Security does not stop at the organization's boundaries. Successful organizations implement and enforce security excellence across the extended enterprise. That means involving key stakeholders, specifically:

  • Customers. Organizations must develop and communicate personal information policies, remain transparent and rapidly address privacy breaches.
  • Employees. Organizations should set clear security and privacy expectations, provide education to identify and address security risks, and manage the access and use of systems and data.
  • Partners. Organizations should work with their partners to develop and implement supply-chain security. They should also report on and manage risks as a normal part of business operations.
  • Auditors. Organizations must coordinate with auditors to align enterprise and IT risk, contribute to controls frameworks, and conduct regular reviews of regulatory and enterprise policies.
  • Regulators. Organizations must manage regulatory risks, demonstrate compliance with existing regulations, and review and modify existing controls based on changing requirements.

3. Get smart. As public and private enterprises seek to bolster their security defenses, the use of predictive analytics plays an increasingly important role. Such tools support automated risk management processes and sophisticated detection of advanced persistent threats -- critical building blocks for security intelligence. Requirements include the ability to identify previous breach patterns and outside threats to predict potential areas of attack, assess employee behavior to reveal patterns of potential misuse and monitor the external environment for potential security threats.

In our increasingly complex and interconnected world, security risks are real and increasing exponentially. Although solutions and strategies abound, there is one common denominator: Security is more than a purely technical issue. It depends on unification and input from multiple C-suite executives who can provide unique perspectives about risk, investment and preventive approaches to security issues.

A version of this article first appeared on www.businessofgovernment.org.

NEXT STORY: Dissidents invade Twitter account of adviser to embattled Turkish prime minister

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.