IT Compliance Advisor

Aug 16 2011   2:31PM GMT

Make your enterprise risk management policy proactive, all-inclusive

Ben Cole

During SearchCompliance.com’s recent virtual trade show on enterprise risk management, presenter Kevin Beaver opened his presentation with a quote from management expert James Champy:

“Many executives are insulated from reality and consequently don’t know what the hell is going on.”

Beaver cited this trend and subsequent “general false sense of security” as a major factor in the proliferation of ineffective enterprise risk management policies. Due to the maze of complexity in business environments — wireless networks, mobile devices, the cloud, to name just a few — the potential for flaws and security vulnerabilities is nearly limitless, Beaver said.

As a result, basic technical and operational security weaknesses can snowball and result in big problems for business if they are not dealt with effectively and in a timely manner. This lack of preparation and general “everything-is-fine” attitude was cited several times by presenters throughout the virtual trade show, “Enterprise Risk Management: Mitigation Strategies for Today’s Global Enterprise.”

During his presentation on risk management strategies for protecting enterprise supply chains, consultant and IT auditor Paul Kirvan pointed out the many threats to organizations and the firms that support them, and suggested that supply chain risk management should be an important business activity.

“Much work needs to be done to transform an organization from one that simply reacts to unplanned events to one that anticipates disruption, develops prevention and mitigation strategies to address them and has fully developed procedures to keep the organization and its supply chain running,” Kirvan said.

Kirvan suggested companies quantify and prioritize risks, then develop strategies that can cost-effectively address supply chain risk points. Another key element of an enterprise risk management policy is to identify employees’ roles in the supply chain and to outline a succession plan that prepares alternate staff members to step in and take over for employees in their absence.

By doing so, organizations can prepare for and plug any holes in the management chain before something as simple as a key employee catching the flu causes a huge compliance risk.

“This type of activity should not be restricted to the most senior members of the organization,” Kirvan said.

Perhaps the simplest message is this: Get involved. By being proactive and paying close attention to the risks unique to your organization, you can get a jump on vulnerabilities before they snowball into major violations.

Security needs to be addressed now, and the true leaders focus their efforts before a security breach occurs, not after, Beaver said.

“Forget about what security analysts are saying, stop listening to scare tactics and focus on the basics: urgent flaws on most important systems,” he said.
