Does Your Organization’s ERM Software Have All Crucial Specifications?

Accomplishing a secure business environment—meaning a work culture backing proactive risk management and accurate risk decision making—is the stepping stone toward reaching the risk management goals of an organization. To achieve it, you need an efficient enterprise risk management (ERM) software system, one that takes your business intricacies into account.

There are many ERM software products available in the market, but you need to pick out the one solution that facilitates the ERM requirements of your enterprise. The ERM software you choose should enable you to apply risk intelligence in support of your decision making.

Here are the crucial features you should be looking for in your ERM software:

Absolute integration
Risk management architecture plays a major role in integration. There is plenty of data pertaining to risk identification, assessment and management, documentation, operations and execution, testing, audit management, report generation, controls and solutions, and IT support. All of it has to be synchronized under one platform. An application that provides a central source for risk documentation, which includes risks, processes, entities, controls, tests and results, is ideal for a well-coordinated work setting. Boards and management largely rely on these reports to make business decisions. Only an integrated ERM platform can provide accurate data to support decision-making practices.

Software that embraces plan and strategy
Adopt an ERM tool that is designed to embrace business goals and objectives, regulatory norms, workflow, specific industry functions, and the best practices of your organization. The design should be equipped with automated monitoring and compliance report generation, as you need to be prompt in identifying, analysing and responding to risks.

Event tracking and point of origination
Event tracking is a significant point in favor of an ERM application. You can use loss event tracking to track loss incidents and near misses, record amounts, and identify root causes and ownership. It helps in validating the risk profiles of business units.

An ERM platform should be capable of taking you through the event sequences and timeframes, and should independently detect the source of risk origination. It should be programmed to expose the vulnerable areas of an organization and pinpoint risk triggers and catalysts. That enables you to carry out risk mitigation treatments with a definitive approach.

Scenario analysis
ERM software should be programmed to examine the business environment, from eminent past events to changes in the current market, for an extensive record of scenario analysis. Impending risks based on real-time events should be charted for analysis and mitigated.

Loss prediction
The platform should empower you with information on expected future losses for individuals, each business unit, a group of entities, as well as the entire organization.

Risk and control self-assessment
The ERM platform should enable all business units to participate in risk and control self-assessment processes. A comprehensive operational risk profile of the enterprise can be derived using this approach. Identifying and evaluating risks and assessing the controls are important for risk management. The solutions should follow up on control measures and evaluate their success or failure rate. Thus, a risk and control self-assessment feature helps you enhance the control environment.

Risk library
Having a risk library facilitates future efforts for risk identification.

Key risk indicators (KRIs)
Your ERM application should have the ability to set KRIs taking into account the risk appetite and risk threshold of the enterprise.

Flexible configuration
Risk landscapes are changing constantly. New risks are emerging out of the latest tools and technology used by enterprises. This means there will be fluctuations in risk profiles, risk appetite, KRIs and other disciplines. A flexible ERM solution is indispensable in the current business scenario. Moreover, the deluge of more and more regulatory reforms and policies can also be incorporated if the software solution is built with a flexible approach.

Purchasing the most expensive or the best brand’s ERM software solution may not help your risk management objectives. Look at features in detail and check how they fit with your risk management framework and assessment techniques.

Mohammed Nasser Barakat
Partner at CAREWeb and BRS Service Line Leader for the ME region

[ISACA]

Cybersecurity Jobs are in High Demand; Got what it Takes?

With security attacks dominating news headlines, it’s no secret that global cybersecurity professionals are in high demand. According to the (ISC)² 2013 Global Information Security Workforce Study, two out of three C-level respondents reported security staff shortages. The lack of skilled and qualified information security professionals is having a negative economic impact, with 56% of respondents saying the staffing shortage is causing a huge impact on their organizations.

The call to action is clear: We need a global call to arms within academia to develop enough talent to fulfill this critical industry need. I’ve certainly heard the call loud and clear at the (ISC)² Foundation. In fact, this is one of the key reasons that we developed the Information Security Scholarship program, and also why we continue to look for partner organizations to help fund additional scholarship programs. We are making a direct impact on the global staffing crisis in information security by bringing more people into the information security field.

A multitude of Information Security Scholarships are offered year-round through the (ISC)² Foundation. In fact, the application period for our Undergraduate and Graduate Scholarships just opened. Students can apply for an Undergraduate or Graduate Scholarship now through June 17, 2015. Our Women’s Scholarship and Faculty Exam Voucher application periods are open through March 31, 2015.

I’m honored to have the privilege of offering students an opportunity to afford an education through the (ISC)² Foundation. They will go on to join a global workforce that desperately needs top talent to protect our most critical information, systems and networks. Here’s what some of our previous recipients had to say about how receiving a scholarship from the Foundation positively influenced their education and ultimately, their lives:

Anna Truss, Turkmenistan (Graduate Scholarship recipient)

“I’ve been through a lot of challenges throughout my life to get to where I am now, and getting this scholarship will definitely help me achieve my goals in life. One of my many goals is to receive a Master of Science degree in cybersecurity. This scholarship, for me, is not the end, but rather the beginning of a brighter future.”

Dulce Gonzalez, Mexico (Undergraduate Scholarship recipient)

“This scholarship is a wonderful reminder to me that good things do happen to good people. This scholarship is a reminder of the endless possibilities out there for me. Being a first generation college student has been a struggle but now I am more motivated than ever to follow my dreams and conquer my goals.”

These and so many other students are provided with an opportunity to go to college because of generous donations from the public and partner organizations. If you would like to make a personal contribution to help students like Anna and Dulce, you can make a tax-deductible (for those in the U.S.) donation at: https://donatenow.networkforgood.org/isc2cares.

So the question is, do you have what it takes to become an information security professional? Or do you know someone who is trying to earn a degree in this growing field, but cannot afford it? Please help us spread the word of this enriching program to help students realize their dream of a college education. The protection of the future cyber world is counting on it.

-Julie Peeler, Director, (ISC)² Foundation

[(ISC)² Blog]
