Posted by SmartCompliance on December 9, 2012
A recent article from DarkReading.com outlined the risk management priorities that will keep Chief Information Security Officers busy in 2013, but it is important information for all risk management professionals and especially those providing them with technology solutions. In short, contributing writer Ericka Chickowski identified the following priorities:
1) Quantitative Analysis – It’s no longer about which risk management solutions to implement, but whether those already implemented are doing their job. A method of RIIOT (Review, Interview, Inspect, Observe, Test) is suggested for the most thorough analysis of systems in place.
2) Integrating GRC Across the Company – The data mining, analysis, and monitoring solutions in place for governance, risk management, and compliance can now drive innovation more than ever before. Feedback from information security technology can drive changes company-wide and further risk management policies and data management across departments.
3) Supply Chain Risk Management – Major supply chain channels will be under tighter monitoring and restrictions, resulting in a demand for improved IT systems and accountability.
4) Human Risks – As Bring Your Own Device (BYOD) and social media continue to creep into the workplace, monitoring the human risk factors in the office will become even more critical.
5) Continuous Monitoring – The Internet brings with it real-time threats, so IT must provide real-time monitoring, vulnerability detection and real-time solutions. Companies working with the government, in particular, will be required in 2013 to provide near-instantaneous security assurance on all processes.
6) Talking the Business Talk – CISOs and risk management professionals will no longer be able to stick to risk and security language; they will be responsible for translating it into boardroom terms that tie initiatives to corporate objectives. As IT solutions continue to permeate every department of the company, information security professionals need to understand the origins and applications of the data, not just how to secure it.
7) Incident Preparedness – Risk professionals will have to put better policies in place not only for risk prevention but also for handling the incidents they do not manage to prevent. Response communication procedures in 2013 will need to improve to meet real-time management requirements and be continuously analyzed for effectiveness.
Click here to read the full article on DarkReading.com