
Traveling the Road to GRC Maturity



Today’s business environment is fraught with risk. However, to successfully seize growth opportunities in the market, organizations need to effectively position themselves to embrace risk with confidence instead of simply avoiding it.

Technology, economic and market conditions affect organizations on a daily basis. The constantly changing landscape of risk is a leading topic in headlines, industry forums, media outlets and board rooms. We are moving to a world where your risk management approach is not only your defense against known and unknown risks, but a critical component of your competitive advantage.

The next five years will bring even more pressure and greater shifts in the way governance, risk and compliance (GRC) programs need to operate to succeed. Not only are regulations and risk management needs changing, but the technology used to power businesses is radically shifting. The delineation between digital strategies and business strategies has disappeared, and any differentiation between cyber risk and business risk has vanished as well.

What’s Your Cyber Risk Appetite?
Given that many new business growth strategies rely on technology, organizations must be able to manage cyber risk as part of their risk management strategy. This convergence is leading many organizations to think in terms of cyber risk appetite – which risks the business can take and which are beyond the tolerance of the organization.

GRC programs must create a unified risk culture and a common language across the enterprise in order to understand risk in the context of the organization’s overall objectives. Therefore, effective risk management practices must address cyber risk and business risk in equal measure and provide a consolidated view of risk to executives and practitioners.

These capabilities do not magically appear within an organization overnight. The transition from a compliance-driven approach to a risk-based strategy takes commitment and collaboration across all “lines of defense” within an organization. The road to a mature risk management strategy has many twists and turns. Organizations will face multiple forks in that road and a fair share of distractions and derailments. However, the benefits of staying the course are clearly evident.

Risk management is becoming a core capability that separates the winners from the losers. Organizations that understand and effectively manage risk will prosper, while those that cannot will fail. Success starts with the ability to manage risk in a manner that frees up resources to focus on the company’s long-term strategic objectives. Executives need relevant, up-to-date risk information in order to make the right decisions and pursue the right opportunities.

I am pleased to be participating in a 16 June (11 a.m. CDT) webinar titled Next-Gen GRC: Building a Road to GRC Maturity with fellow risk and compliance professionals to discuss this maturity journey. Every organization has its own challenges, but there are some fundamental elements that can make a significant impact on your program’s success. We will be discussing strategies to push risk management across your organization and take your program to the next level.

Patrick Potter, GRC Strategist, RSA

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors & positions.
