For CISOs, data risk is like a fire underfoot. Data’s very fluidity and its constant generation make a complete lockdown impossible - no matter how tight your security. We’re long past the days of data moving in a loop within a closed network. Even if you could build a wall, you wouldn’t, because growth can’t happen in a vacuum. So how do you take advantage of the scalability and flexibility of new technologies, while melding them with your workforce into a force for risk management, data privacy and security?
That’s the crux of the matter. Being in an evolving, growing business requires taking risks. Grow too fast, or get too “disruptive” or aggressive, and the risk undermines long-term stability. Rein it in too tightly, and you miss out on capitalizing on opportunities that make sense. Knowing your risk appetite helps you figure out the right route to take in risk management planning. For too long, CISOs have borne the brunt of data security worries that need to be an organization-wide priority.
Just look at the blur of 2018’s data breach headlines. Millions of people using apps like Facebook, staying at one of Marriott’s many properties, exploring Quora’s knowledge base or using the US Postal Service, saw their personal data privacy compromised. And now we’re seeing regulations like the GDPR and the CCPA (coming in 2020) emerge to draw a line in the sand on how companies – global to local – protect personal data. That’s pushing risk management to the forefront.
Ultimately, as an organizational leader, you’ll need to decide what risks are necessary to continue your growth trajectory, then prioritize how you manage those risks. Start with these five recommendations:
Once your organization knows what its risk appetite and risk tolerance levels are, you can move on to creating a risk management plan. Then you’ll have found that sweet spot between how hungry you are for innovation and growth, and how to help that happen without undermining data privacy and information security.
Are you confused about your risk management strategy? Contact Ostendio for a complimentary consultation with one of our security and compliance experts.