Security protection of new technologies (part of achieving digitalization) needs to be integrated strongly with risk management and governance, and this should be reflected in organization-level changes, rather than being seen as solely a technical matter.
- The relentless increase in the intensity of IT within organizations, and the ever more rapid technological change being adopted within business processes, mean that risks relating to IT are a more important organizational concern than ever.
- The continuing elevation of the business status of technology must be matched by greater maturity in considering the related risks, and applying business knowledge to drive the right approach to protecting the value that should accrue from technology investments.
- The capability to manage risks arising from technologies delivered as services, from outside enterprises, is increasingly important to organizations under digitalization initiatives, and for many this will be an area requiring new resources and expertise.
Features and Benefits
- Examines how the scope and integration of risk management and security must broaden to cover new risks from digitalization.
- Identifies how addressing issues around organizational structure and processes is as important as those relating to technology.
- Explains how integrating risk management with security enables focus on relevant business objectives.
- Gives examples of how new technologies involve potential risks for security and risk management to address.
Key questions answered
- How should CISOs' roles evolve to meet new security and risk challenges from digitalization?
- How can risk information relating to security issues be used as a source of organizational value?
Table of contents
Recommendations for enterprises
Recommendations for vendors
Recommendations for service providers
The scope of risk and security management must broaden to cover new risks from digitalization
Governance principles must control technology delivery and use
Digitalization focuses perspectives on information value and risk
Addressing organizational structure and processes is as important as technology
Security and governance should be integrated with board-level responsibilities
CISO responsibilities are increasingly critical to all types of organization
Integrating risk management with security enables focus on relevant business objectives
Risk insight enables security problems to be analyzed in a business context
Risk should underpin business cases for security investment
Security and risk management must address new technologies that constitute potential risks
Rigorous management capabilities typically lag the maturity of new technologies’ adoption and implementation
Risk and compliance management of externally provided technology is a rapidly increasing requirement