Sunday, March 6, 2011

Do business leaders care about information risk?


One of the complaints we hear from information risk practitioners is that management does not show enough support for, or concern about, the program.

There is no doubt that good management commitment makes the program successful, and that management's efforts help make information security and risk management part of the organization's culture. At the same time, it is absolutely essential that information risk professionals understand the business. To build a program that suits the business requirements, one should understand the business processes, business objectives, key stakeholders, key customers, other business interests, legal and regulatory requirements, etc.

So, do we have any evidence that management is sufficiently concerned about information risk?

In a recent interview, Ram Charan, the acclaimed advisor to many CEOs the world over, was asked:

What are the challenges and problems CEOs are coming to you with post the financial crisis?

This varies from business to business, economy to economy. I will give you what is generally on the minds of the leaders. One is enterprise risk, that’s because uncertainty has increased. There is more regulation and more volatility in the financial system. So they all have to think about risk and how to mitigate it. Two, corporate governance and succession have become important items.



This is definitely good news, as information risk plays an important role in both corporate governance and enterprise risk.


