Enterprise risk management strategy is the process of recognizing, observing and banishing threats to an organization, which can range from careless human error to natural disasters, strategic management errors, financial uncertainties and many other IT bumps in the night. Fueled in part by recent government monitoring and retail-giant slip-ups -- as well as the traditional risks that have long plagued IT departments -- corporate executive boards are developing a heightened interest in mitigating threats in an effort to avoid massive financial injury and the loss of investor and customer trust.
In this CIO Briefing, learn why enterprise risk management strategy is important and how to influence your executive board to prioritize the protection of information assets. Read about today's organizations that are practicing good risk management, and get advice from CIOs who have taken on -- and warded off -- large-scale threats.
This Essential Guide on enterprise risk management strategy is part of the CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics.
1. MAKING THE CASE
Enterprise risk management is not to be overlooked
Does your organization's executive board need a little nudge in order to understand the importance of a broad enterprise risk management strategy as a necessary component of corporate operations? In this section, we provide some real-world examples of how companies are confronting a world of intensifying threats.
Learn how to present a risk management plan to the executive board with advice from vice president and Gartner fellow French Caldwell. In this tip, Caldwell explains guiding principles for complying with the Sarbanes-Oxley Act and exactly how the CIO's presentation should be structured.
It took some time, but cybercrime is finally a top concern across the executive board -- not just for the CIO and CISO. SearchCIO Executive Director Christina Torode looks at how the enterprise cybercrime discussion has evolved and why board members are seeking advice.
While the National Security Agency is getting a lot of negative media attention for its invasive data surveillance, CIOs should be taking notes. In this Data Mill column, SearchCIO Senior News Writer Nicole Laskowski reviews Bruce Schneier's talk at MIT, where he suggests reputation matters when managing risks associated with data collection.
As mobility use booms, an increasing number of enterprise security breaches stem from internal human error rather than external threats. Make sure your corporation is equipped to handle these threats with a proper enterprise risk management strategy in place.
Do you have to choose one or the other? In this CIO Matters column, SearchCIO Executive Editor Linda Tucci looks at the potential enterprise risks pertaining to the misuse of big data. Find out why identifying risks associated with burgeoning big data sets might prevent financial catastrophe.
Risk advice from Baroness Pauline Neville-Jones
Baroness Pauline Neville-Jones, the United Kingdom's special representative to business on cybersecurity, sat down with SearchCIO's Christina Torode at the Information Systems Security Association, or ISSA, conference in Nashville, Tenn., to discuss cybersecurity and risk management for the enterprise. Watch our video coverage below.
Learn the difficulties the U.S. government system faces in raising cybersecurity awareness and why starting at the state level might be the best remedy.
Many enterprise organizations don't realize their true vulnerability to cyberattacks until it's too late. Make sure your CIO and CISO are keeping their efforts properly focused.
Neville-Jones discusses the security impact of managed cloud services and the importance of mapping IT enterprise infrastructure.
3. NEW TOOLS, NEW RISKS
Innovative enterprise risk management strategy for new technologies
Executing an enterprise risk management strategy is no easy task, especially as new technologies change the threat landscape. While cloud, mobility, bring your own device and big data have CIOs reconsidering their approach to risk management, we share stories of CIOs who are reevaluating and implementing new risk management strategies.
Many CIOs are hesitant about implementing cloud solutions, pointing to security concerns in this still-emerging frontier. The cover story of a recent issue of Modern Infrastructure, CIO Edition examines security challenges characteristic of cloud computing and gives advice for meeting these concerns head-on.
Mark Tonsetic and Jeremy Bergsman, a managing director and a practice manager respectively at the Washington, D.C.-based consultancy CEB, help IT leaders craft an enterprise framework that alleviates cloud risks in three simple steps.
It's no secret: Employees want to bring their own devices to work. Unfortunately, something as simple as a lost or stolen mobile phone could leave sensitive business data exposed. In this Future State column, SearchCompliance Site Editor Ben Cole discusses new consumer-focused mobile technology security tools.
Eric Brynjolfsson, director of the MIT Center for Digital Business and a professor of management, discusses the risk management issues that emerge when big data is on the business scene.
In the big data age, information governance is a monumental task, especially when the associated risks are taken into consideration. And protecting sensitive company information is even more difficult as BYOD and cloud use proliferate in the corporate world.
Risk management terms for CIOs
Before you start asking your company's risk management experts a long list of questions, brush up on your risk-related lingo.
5. PROTECTING INFORMATION ASSETS
Advice on managing risk, from CIOs for CIOs
In this section of our enterprise risk management strategy guide, practitioners and experts share what they've learned about risk management, offering tips for conducting a risk assessment, detecting common spreadsheet errors, protecting personal information and more.
During a recent Twitter discussion, SearchCIO asked participants what is required for a solid risk assessment and how these evaluations should be completed. Read their tweeted responses to inspire your risk management strategies.
Spreadsheets are easy to use and easy to share, but that doesn't mean they're not prone to errors. Felienne Hermans, an assistant professor at Delft University of Technology, discusses the unruly relationship between an enterprise and its spreadsheets in this installment of the Data Mill.
IT leaders are constantly challenged by both external and internal stakeholders to explain what formal processes are in place to identify and address critical risks. SearchCIO contributor Chris McClean offers tips for risk practitioners working to define and articulate the role of risk management.
Until a company assigns a value to different pieces of corporate information, it's difficult for CIOs and CISOs to secure that information and manage risk -- and do it all on a budget. These tips from Ed Ferrara, principal analyst at Forrester Research Inc., help IT organizations manage security spending.
Risk management planning: New threats, new paradigms
CIOs involved with risk management planning and privacy controls must be prepared to confront internal and external threats, ranging from human error and BYOD to data leakage and nefarious hackers. Do these risks have you panicky about your strategies for protecting data and other valuable IT assets? Do you know enough to put your CEO at ease? Take our quiz, reviewing some of our most recent stories on risk management planning, to find out.