Industry trends - Survey results on Risk Management -
Posted by: Ryan Shopp
While Bryan continues to blog about practical experiences in IT Risk Management, I'm going to aggregate some key trends and insights on the industry as a hole. As previously promised, we will continue to stay away from product advertisements, etc. Just useful (hopefully) insights.
The Convergence of Physical and Information Security in the context of Enterprise Risk Management. Survey and report conducted by Deloitte.
some key points/snippets from the report:
...As it stands today, senior management typically sees security more as a tactical function than a necessary component of business processes or decision making.
...one of the challenges that must be mastered to achieve value is “integrating security strategy across the enterprise.” Rather than approach security in an uncoordinated and functionalized fashion, businesses need a top-down approach coordinated by a senior executive to
optimize the effectiveness and efficiency of the overall security system.
...for effective risk management, it is necessary to:
• Adopt a common operational framework
• Reduce autonomy while retaining authority
• Collaborate on all forms of enterprise security risks
• Provide better risk information for decision making
• Go beyond data sharing to collaborative planning and decision making
The document is over 50 pages long and also includes example case studies and a ton more graphics with survey results etc. A must for any organization looking to better align their security program with business initiatives and goals. The document even offers a risk management maturity model and insights around climbing up the maturity model.
Posted by: Ryan Shopp
While Bryan continues to blog about practical experiences in IT Risk Management, I'm going to aggregate some key trends and insights on the industry as a hole. As previously promised, we will continue to stay away from product advertisements, etc. Just useful (hopefully) insights.
The Convergence of Physical and Information Security in the context of Enterprise Risk Management. Survey and report conducted by Deloitte.
some key points/snippets from the report:
...As it stands today, senior management typically sees security more as a tactical function than a necessary component of business processes or decision making.
...one of the challenges that must be mastered to achieve value is “integrating security strategy across the enterprise.” Rather than approach security in an uncoordinated and functionalized fashion, businesses need a top-down approach coordinated by a senior executive to
optimize the effectiveness and efficiency of the overall security system.
...for effective risk management, it is necessary to:
• Adopt a common operational framework
• Reduce autonomy while retaining authority
• Collaborate on all forms of enterprise security risks
• Provide better risk information for decision making
• Go beyond data sharing to collaborative planning and decision making
The document is over 50 pages long and also includes example case studies and a ton more graphics with survey results etc. A must for any organization looking to better align their security program with business initiatives and goals. The document even offers a risk management maturity model and insights around climbing up the maturity model.
