Value and Benefits of Aligning Risk Management and Information Security Highlighted
IT and risk management professionals must speak the same language to more effectively incorporate the benefits and uncertainties associated with data and technology into the organisations’ overall strategy and to add value, according to a newly published, complimentary white paper from ISACA and RIMS, “Bridging the Digital Risk Gap: How Collaboration Between IT and Risk Management Can Enhance Value Creation.”
Technology has long been integral to the success of any organisation, but as the range of business applications and the pace of innovation have increased, so has the risk. The “Bridging the Digital Risk Gap” white paper outlines how the changing digital risk landscape, new regulatory requirements, and greater understanding of commonalities between IT and risk management make a strong case for aligning the two in order to realise significant benefits.
These benefits to an organisation include being:
- Transparent, nimble and timely
- Clearly defined in roles, accountability and decision-making authority
- Forward-looking in its risk assessment and benefit analyses (and not primarily resource based)
- Aligned to broader mission and strategy objectives
Additionally, the report highlights ISACA’s Risk IT Framework and how to integrate both IT and risk management frameworks that each department uses, such as the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework into the technology life cycle.
“Because of expanding digital risk landscapes, risk management and cybersecurity capabilities are also evolving as a corresponding horizontal competency. Lack of, or poorly thought out, digital enterprise strategies can torpedo an organisation’s mission and overall objectives.” stated Carol Fox, RIMS VP of strategic initiatives and contributor. “Likewise, failed implementations that do not deliver expected value to the organisation, whether due to scope creep, budget overages or unrealistic expectations can damage the viability of organisations, as much as security risks related to data breaches and expropriation of intellectual property.”
“When enterprises examine the evolving risk environment and the benefits that can come from integrating risk management and IT, it becomes very clear that this collaboration is important to the overall business-risk portfolio,” said Paul W. Phillips, III, CISA, CISM, technical research manager at ISACA and a contributing author to the white paper. “This kind of strategic coordination can bring many positive outcomes, including better incident response and improved information protection.”
The report also includes RIMS’ Enterprise IT Risk Management Responsibility Assignment Matrix that shows organisations how they can visualise the roles within the IT ecosystem and the cross-functional expertise required, as well as a map for ISACA’s Risk IT Framework and the RIMS Maturity Model (RMM). The map emphasises the alignment between each domain in ISACA’s Risk IT Framework and the seven attributes of the RMM.
“Collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise. Understanding one another’s world is the first step for building a constructive and symbiotic relationship,” added Fox. “In doing so, IT and risk management professionals can leverage their knowledge and resources to better inform decision makers on how business strategies and objectives can benefit from IT capabilities, and spur investment in new technology.”
To read the free white paper, visit https://www.mysecuritymarketplace.com/product/bridging-the-digital-risk-gap-how-collaboration-between-it-and-risk-management-can-enhance-value-creation/