IT GovernanceRisk Management

Risk management now driven by ‘fear’, not strategic enough

Risk management policies have, traditionally, been driven by fear and tactical decision making. However, this isn’t the best way to create a powerful, strategic, and proactive risk management process. It’s easy to slip into the “what if” mindset, surely, when discussing the possible dangers that lurk within IT, but this very rarely does more than create a sense of looming destruction and an uptick in market shares for antacids. The way forward, according to Ellyne Phneah, is to be more proactive. This is counter to what has occurred in the past, perhaps, but recent events along with increased visibility demand a change: According to Ang Poon-Wei, ICT security market analyst at IDC, in the past, due to the costs incurred by IT security, many organizations often leave it out of discussions until the last minute or unless it is mandatory for government, risk and compliance. Today, the need to include IT Security in risk management discussions is becoming apparent to organizations of all sizes and verticals, he noted. This was especially after the  fall of Enron in 2002, the implementation of the  Sarbanese -Oxley Act  and the  global financial crisis in 2008, widening risk management’s scope to encompass IT governance due to many headline losses of confidential information from sophisticated cyberattacks, Vincent Goh, Asia-Pacific vice president at RSA observed. It’s important to understand risk in the larger sense, according to Goh: don’t try to manage enterprise risk in silos. Unified governance and risk management compliance will keep organizations focused on the highest priority projects while still monitoring the overall possibility of risk throughout the company. With the increase of BYOD and mobile technology, companies must be strategic and proactive about risk management rather than reactive.

Show More

Leave a Reply


We use cookies on our website

We use cookies to give you the best user experience. Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.