ITMPI FLAT 003
Main Menu
Home / IT Governance / Risk management now driven by ‘fear’, not strategic enough

Risk management now driven by ‘fear’, not strategic enough

Risk management policies have, traditionally, been driven by fear and tactical decision making. However, this isn’t the best way to create a powerful, strategic, and proactive risk management process. It’s easy to slip into the “what if” mindset, surely, when discussing the possible dangers that lurk within IT, but this very rarely does more than create a sense of looming destruction and an uptick in market shares for antacids. The way forward, according to Ellyne Phneah, is to be more proactive. This is counter to what has occurred in the past, perhaps, but recent events along with increased visibility demand a change: According to Ang Poon-Wei, ICT security market analyst at IDC, in the past, due to the costs incurred by IT security, many organizations often leave it out of discussions until the last minute or unless it is mandatory for government, risk and compliance. Today, the need to include IT Security in risk management discussions is becoming apparent to organizations of all sizes and verticals, he noted. This was especially after the  fall of Enron in 2002, the implementation of the  Sarbanese -Oxley Act  and the  global financial crisis in 2008, widening risk management’s scope to encompass IT governance due to many headline losses of confidential information from sophisticated cyberattacks, Vincent Goh, Asia-Pacific vice president at RSA observed. It’s important to understand risk in the larger sense, according to Goh: don’t try to manage enterprise risk in silos. Unified governance and risk management compliance will keep organizations focused on the highest priority projects while still monitoring the overall possibility of risk throughout the company. With the increase of BYOD and mobile technology, companies must be strategic and proactive about risk management rather than reactive.

About Anne Grybowski

Anne is a former staff writer for CAI's Accelerating IT Success, with a degree in Media Studies from Penn State University.

Check Also

CSI Not Miami: How to Create a Culture of Improvement

While the abbreviation “CSI” may be more publicly associated with the string of cop procedurals …

Leave a Reply

Your email address will not be published. Required fields are marked *