[Gartner] The CIO’s New Relationship with IT Risk

You return from a quick lunch expecting to see the usual beehive of activity in the areas between reception and your office. Instead you see and hear a low buzz of consternation, and no one seems to have their fingers on a keyboard or their eyes on their computer screen. All of the computer and communications hardware is there. Nothing you can see is out of place. But the software and the data are gone. Totally gone from every computer and disk drive in the company.

Congratulations. Yours is the fourth company in the world to experience the latest style of hacker attack.

Managing Risk Outside the Perimeter

Two major changes face CIOs and their risk and security teams. The first is that mobile, social and cloud move business data and processes outside of the perimeter, and outside of traditional enterprise control. The second is that these are dynamic environments with no stability or predictability. Managing appropriate levels of risk in this environment will require a new approach. Yesterday it was a new tablet; tomorrow some vice president will ask for email on her new Google Glass.

“Often today, business units accept risk, CIOs are aware of it, and CISOs really worry about it.”

By 2020, security will no longer be an IT problem; it will be a business problem, driven by a combination of increased business-level dependence on technology and the inevitable increase in threat level and complexity. Smart CIOs get business executives involved early and establish cyber risk as a key operational risk to the business. In fact, one out of three CISOs already report outside of IT.

How should CIOs help their organizations innovate for digital business while building necessary and appropriate risk controls that the business will follow?
