Risk and Compliance Management Moves Towards Collaboration
Managing the impact of a data breach is the top priority in risk management, yet respondents in a recent survey also reported that they lack the budget and resources to do that effectively.
Collectively, organizations today face an unprecedented volume and variety of information risks that have enterprise-wide impact, including increasingly sophisticated cybersecurity incidents, information leaks, aggressive regulatory sanctions and the proliferation of communication channels outside the control of IT or security.
According to a survey of 150 IT, compliance and security professionals conducted by communications compliance company Actiance and IDG Research, personnel are seeing more and more risks with corporate-wide impact, which has led to greater overlap in duties in fighting these threats. As a result, the majority of survey respondents highlighted the greater need for collaboration in the planning and execution of defense, monitoring and recovery strategies across IT, security and compliance. However, they require more resources across all functions. Interestingly, respondents ranked adding personnel low on the list as a solution: The addition of staff was mentioned the least as a strategy for managing risk moving forward.
On a positive note, collaboration between the three functions in the evaluation and selection of risk management solutions appears to be very high: 75% reported that their function collaborates with one or both of the other two departments in evaluating and selecting risk management solutions, whereas only 5% say their function alone is responsible for those tasks. Moreover, these functions want to stay on the same page moving forward – all ranked sharing common control processes as a high priority in collaborating with other departments to address information risk. Respondents across all functions overwhelmingly pointed toward clearly defined policies as an area that is working well today. Risk/compliance titles differed from others in highlighting monitoring and alerting process controls as an area that is also working well.
In terms of other priorities, managing the risk and impact of a data breach was ranked highest across all functions, with the only exception being risk/compliance titles, who ranked the loss of sensitive customer information slightly higher.
“Although the legacy technologies, buying processes, and functionally driven priorities of the last 15 to 20 years have left some organizations with redundant and ineffective risk management processes and solutions, many companies have successfully bridged the resulting informational and organizational silos,” said Robert Cruz, senior director of information governance at Actiance. “Firms are evolving toward a more holistic, collaborative model that incorporates the priorities of IT, security and compliance stakeholders.”
Source: Information Security Magazine