If everybody seems to be buzzing about all the risks in IT, there’s a good reason for it. Actually, there are four, according to John Wheeler of Gartner.com. The first is lack of understanding. The interaction between board members and Chief Information Security Officers is long overdue, and when it does happen, the IT risks are not presented in a business context that the board can understand and act on. More risk management data needs to be used to communicate effectively between business and IT.
Disclosure, Visibility, and Understanding
Then there is the increasing pressure to disclose technology risks. For instance, in 2011 the U.S. Securities and Exchange Commission instructed companies to disclose certain aspects of the registrant’s business that might give rise to material cyber security risks. Also, there is the lack of visibility into key business relationships with third parties, and the growing interconnection between technology and business risks. Every company is now using technology as a part of its business innovation, but if business and IT don’t understand each other, the risks might outweigh the benefits.
Read the article in full here: http://blogs.gartner.com/john-wheeler/4-reasons-driving-growing-interest-in-it-risks/