Enterprise Risk Management: A New Beginning - InformationWeek

3/8/2021
06:00 AM
Ramsés Gallego, International CTO, Cybersecurity, Micro Focus
Sponsored Article

Credit risk. Fraud risk. Public image risk. Environmental risk. Enterprise risk management is key to sustainable business strategy and operational resiliency.

Risk management is a key aspect of the enterprise operational lifecycle. Every corporate initiative, board mandate and, basically, every movement in life implies a risk. It is imperative, then, to comprehend what an organization can do with risk. The possibilities are: Accept Risk, Deny Risk, Transfer Risk, and Treat Risk. I would like to focus on the last two (Transfer Risk and Treat Risk) since they are usually confused and misunderstood in the marketplace.

Given the rise of cyber-insurance, organizations tend to think that they can transfer the risk because they have gone through an assessment. In an ideal world, they know their risk exposure and they have a document indicating that they will be compensated if the risk actually manifests. However, companies and executives must understand that they are not (really) transferring the risk but acquiring the assurance that they will be compensated. The risk still exists and can materialize at any given time. I feel it is unfair to think that the risk is transferred; it is more the angle of the risk being 'considered', and considered for the consequences and impact it may have. But the risk is never transferred, mitigated or reduced by having cyber-insurance. And that takes me to the last option and, usually, the one that is better understood: treating the risk with countermeasures, with controls, with processes and procedures, with technology.

Organizations around the world must adapt and adopt organizational and technological measures to fortify the way they identify risk, govern risk (beyond just managing it) and provide a risk response. The technology aspect of this is undeniable, since technology brings a fresh perspective on what is happening in the in/out vectors of the company, who is accessing critical information, which anomalies deviate from a normal pattern of behavior, etc. Technology is instrumental for success, but there are two other dimensions that are equally fundamental: people and processes. With that triad (People - Processes - Technology) companies can cover most of the cases in the troubled, exceptional, remote times that we are living in: customers accessing products, employees managing data in the cloud, consumers requesting information from the datacenter on their mobiles. But to seize risk the right way there is another triad that should be a pillar of the governance of the digital enterprise: Culture - Structure - Strategy. It is imperative to fully comprehend what the culture of the company is (centralized, decentralized...), how the structure of the entity is designed from a reporting and authority perspective, and how the strategy (and its tactics) is defined and executed.

A sound security program must consider these two (beautiful) triangles and build a consistent, coherent, and robust approach to govern risk and fulfill the promise of ensuring the responsible use of resources while minimizing the organization's window of exposure on every channel to the world out there: cloud, application security, identity management, access governance, control and monitoring, endpoint protection, network assurance, etc.

Protection and defense are, more than ever, a competitive advantage for every business. If organizations can demonstrate that they have built a security program that can be trusted and that puts customers at the core of everything they do, that is a compelling message for people. We should not forget that trust is earned and deserved, and customers need to be assured that their data will be protected, no matter what, and that their provider has the mechanisms to respond to threats accordingly.

This is not an era of changes but the change of an era. One that requires a vigorous approach to Enterprise Risk Management and the acceptance that technology plays a critical role in identifying, protecting, detecting and responding. Companies need to be on their way to becoming resilient, to being capable of responding to the overarching questions of how to anticipate, withstand, recover, and evolve. ERM presents a unique opportunity to do so, and the time has come for the world to embrace it the right way.

With a background in business administration (MBA) and law, Ramsés is a security professional with more than 22 years of experience and deep expertise in the risk management and governance areas. Ramsés is the International Chief Technology Officer, Cybersecurity, at Micro Focus, where he defines the vision and mission, purpose and promise of the company in that arena.
