New Year’s Resolutions for Risk Management
It’s a New Year and the month for the time-honored tradition of making New Year’s Resolutions. You won’t find any resolutions on our list about exercise, diet or giving up vices. These resolutions are for those in the business of managing risk and resolved to improve their programs.
With that in mind, we present our New Year’s Resolutions for Risk Management.
Reframe IT security as a business challenge
Given the role of technology in every department, it’s a mistake to relegate IT security to the IT department. IT security is a business challenge that impacts everyone. How do you accomplish that? As this case study shows, the CISO of OpenMarket, a global leader in mobile messaging, labeled the company’s information security program the “Enterprise Trust Initiative,” with the value proposition of increasing customer trust in the company. By giving the program a company-centric name and championing its purpose, the challenge was no longer IT security. It became a front-and-center business challenge impacting customers, which is a more front-burner issue for executives.
Address ecosystem risk by integrating all types of risk
A supply chain risk becomes an operational risk. Meeting regulatory requirements impacts processes that touch multiple departments. These two examples are what Jake Olcott with BitSight Technologies calls ecosystem risk in this webinar. They show the interconnected nature of risk, and with the digital shift and increasing reliance on third parties, that risk is magnified. The best way to manage risk in 2019 is through integrating your risk management processes. It can help you gather and correlate data from all points of the enterprise for a more thorough analysis and better risk prioritization.
Assign a priority to compliance with data privacy regulations
Anticipate and prepare for a state-by-state passage of data privacy regulations that started with the California Consumer Privacy Act. Elected officials and the public want stronger oversight. Make it a priority in 2019 to update processes for managing data unique to customers and employees. Get started by cataloging your assets, and you’ll be better prepared to comply with data privacy regulations when enacted.
Prepare for cyber risk discussions in the boardroom
Organizations in every industry have been victims of cybercrime and data breaches. Senior leadership and the board are increasingly concerned and want answers. What should be discussed? Jack Jones, Chairman of the FAIR Institute, in his white paper, “Managing Cybersecurity Surprises: The Executive’s Perspective,” writes: “the key is to focus intently on identifying and tracking those assets that have the potential for truly painful outcomes, which are the surprises executives care most about.”
Master the single pane of glass view
It’s what everyone wants: the single pane of glass. It puts risk data and key performance indicators at eye level, enabling you to spot trends in the data and make more informed decisions. The challenge is what goes on behind the pane of glass and getting the data to view on screen. A good place to start is to map out your internal processes that will be essential when you acquire a technology solution that gives you the single pane of glass view.
Those are our five New Year’s Resolutions for Risk Management. Keeping these resolutions won’t be easy, but let this be the breakthrough year. 2019 is filled with opportunity, and it favors those who are inventive and resolute about their goals.