Essential Guide


Enterprise risk management strategy: A planning guide for CIOs

Identify, monitor and vanquish threats to the business with this Essential Guide, which offers CIOs advice on perfecting their enterprise risk management strategy.


Enterprise risk management strategy is the process of recognizing, observing and banishing threats to an organization, which can range from careless human error to natural disasters, strategic management errors, financial uncertainties and many other IT bumps in the night. Fueled in part by recent government monitoring and retail-giant slip-ups -- as well as the traditional risks that have long plagued IT departments -- corporate executive boards are developing a heightened interest in mitigating threats in an effort to avoid massive financial injury and the loss of investor and customer trust.

In this CIO Briefing, learn why enterprise risk management strategy is important and how to influence your executive board to prioritize the protection of information assets. Read about today's organizations that are practicing good risk management, and get advice from CIOs who have taken on -- and warded off -- large-scale threats.

This Essential Guide on enterprise risk management strategy is part of the CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics.


Enterprise risk management is not to be overlooked

Does your organization's executive board need a little nudge in order to understand the importance of a broad enterprise risk management strategy as a necessary component of corporate operations? In this section, we provide some real-world examples of how companies are confronting a world of intensifying threats.


How to sell a risk management strategy to the C-suite

Learn how to present a risk management plan to the executive board with advice from vice president and Gartner fellow French Caldwell. In this tip, Caldwell explains guiding principles for complying with the Sarbanes-Oxley Act and exactly how the CIO's presentation should be structured.


Executive boards have cybercrime on their minds

It took some time, but cybercrime is finally a top concern across the executive board -- not just for the CIO and CISO. SearchCIO Executive Director Christina Torode looks at how the enterprise cybercrime discussion has evolved and why board members are seeking advice.


NSA data surveillance, lesson learned for CIOs

While the National Security Agency is getting a lot of negative media attention for its invasive data surveillance, CIOs should be taking notes. In this Data Mill column, SearchCIO Senior News Writer Nicole Laskowski reviews Bruce Schneier's talk at MIT, where he suggests reputation matters when managing risks associated with data collection.


Uneducated users and mobility increase information security threats

As mobility use booms, an increasing number of enterprise security breaches stem from internal human error rather than external threats. Make sure your corporation is equipped to handle these threats with a proper enterprise risk management strategy in place.


Choosing between big data and personal privacy

Do you have to choose one or the other? In this CIO Matters column, SearchCIO Executive Editor Linda Tucci looks at the potential enterprise risks pertaining to the misuse of big data. Find out why identifying risks associated with burgeoning big data sets might prevent financial catastrophe.


Risk advice from Baroness Pauline Neville-Jones

Baroness Pauline Neville-Jones, the United Kingdom's special representative to business on cybersecurity, sat down with SearchCIO's Christina Torode at the Information Systems Security Association, or ISSA, conference in Nashville, Tenn., to discuss cybersecurity and risk management for the enterprise. Watch our video coverage below.


Cybersecurity awareness could thrive if state government stepped in

Learn the difficulties the U.S. government system faces in raising cybersecurity awareness and why starting at the state level might be the best remedy.


Private and public sectors must combine forces against cyberattacks

Many enterprise organizations don't realize their true vulnerability to cyberattacks until it's too late. Make sure your CIO and CISO are keeping their efforts properly focused.


Mapping enterprise infrastructure is needed to improve cybersecurity

Neville-Jones discusses the security impact of managed cloud services and the importance of mapping IT enterprise infrastructure.


Innovative enterprise risk management strategy for new technologies

Executing an enterprise risk management strategy is no easy task, especially as new technologies change the threat landscape. While cloud, mobility, bring your own device and big data have CIOs reconsidering their approach to risk management, we share stories of CIOs who are reevaluating and implementing new risk management strategies.


Cloud security risks loom large over enterprise IT

Many CIOs are hesitant about implementing cloud solutions, pointing to security concerns in this still-emerging frontier. The cover story of a recent issue of Modern Infrastructure, CIO Edition examines security challenges characteristic of cloud computing and gives advice for meeting these concerns head-on.


Managing cloud services: CIOs account for three deficiencies

Mark Tonsetic and Jeremy Bergsman, a managing director and a practice manager respectively at the Washington, D.C.-based consultancy CEB, help IT leaders craft an enterprise framework that alleviates cloud risks in three simple steps.


Are consumer-targeted mobile security tools the future of BYOD?

It's no secret: Employees want to bring their own devices to work. Unfortunately, something as simple as a lost or stolen mobile phone could leave sensitive business data exposed. In this Future State column, SearchCompliance Site Editor Ben Cole discusses new consumer-focused mobile technology security tools.


Big data's big picture: CIOs charged to take the lead

Eric Brynjolfsson, director of the MIT Center for Digital Business and a professor of management, discusses the risk management issues that emerge when big data is on the business scene.


BYOD and cloud complicate the risk landscape

In the big data age, information governance is a monumental task, especially when the associated risks are taken into consideration. And protecting sensitive company information is even more difficult as BYOD and cloud use proliferate in the corporate world.


Risk management terms for CIOs

Before you start asking your company's risk management experts a long list of questions, brush up on your risk-related lingo.


Advice on managing risk, from CIOs for CIOs

In this section of our enterprise risk management strategy guide, practitioners and experts share what they've learned about risk management, offering tips for conducting a risk assessment, detecting common spreadsheet errors, protecting personal information and more.


How to assess risk: Business risk assessment and management for CIOs

During a recent Twitter discussion, SearchCIO asked participants what is required for a solid risk assessment and how these evaluations should be completed. Read their tweeted responses to inspire your risk management strategies.


Risk management for age-old, error-prone spreadsheets

Spreadsheets are easy to use and easy to share, but that doesn't mean they're not prone to errors. Felienne Hermans, an assistant professor at Delft University of Technology, discusses the unruly relationship between an enterprise and its spreadsheets in this installment of the Data Mill.


Mobile device protection in four steps

IT executives walk a tightrope to balance the productivity gains afforded by mobile devices against their quite real security risks. In this tip, we offer some expert advice for not toppling off the rope.


Risk management for internal and external environments

IT leaders are constantly challenged by both external and internal stakeholders to explain what formal processes are in place to identify and address critical risks. SearchCIO contributor Chris McClean offers tips for risk practitioners working to define and articulate the role of risk management.


Put a value on information for smart spending

Until a company assigns a value to different pieces of corporate information, it's difficult for CIOs and CISOs to secure that information and manage risk -- and do it all on a budget. These tips from Ed Ferrara, principal analyst at Forrester Research Inc., help IT organizations manage security spending.


Risk management planning: New threats, new paradigms

CIOs involved with risk management planning and privacy controls must be prepared to confront internal and external threats, ranging from human error and BYOD to data leakage and nefarious hackers. Do these risks have you panicky about your strategies for protecting data and other valuable IT assets? Do you know enough to put your CEO at ease? Take our quiz, reviewing some of our most recent stories on risk management planning, to find out.
