In today's globalized business environment, no company is an island.
The ecosystem of a typical company comprises an exceedingly large number of entities with which the company does business, including customers, partners, agents, affiliates, vendors, and service providers. Taken together, these third parties constitute what we call “the extended enterprise.”
Let's consider these scenarios:
- An outsourced vendor for transaction processing decides to exit the business and provides little notice or transitional support to your company.
- An important distributor does not provide the amount of prime shelf space that had been agreed upon with you and instead leads with a competitor's product.
- A contracted supplier does not deliver merchandise on time, thus disappointing customers and damaging your company's brand reputation.
- A customer organizes a boycott of your company's products via social media.
- A sales agent routinely favors a competitor, causing revenue and market share to decline in an important region.
- Several franchisees do not spend co-op advertising dollars as instructed by you, resulting in a poor consumer response to holiday promotions.
All these situations are very common, but they pose a severe RISK MANAGEMENT issue for your company. You have no choice but to get your company ready for all these kinds of risks. Many cybersecurity professionals think that they have nothing to do with these types of risks. They are wrong!
IT Risk Management is itself a part of this Enterprise Risk Management posture; it does not sit outside it. Your company's officials have to treat it as a combination of diverse risks with varying degrees of severity, depending on the nature of the relationships your organization has with its third parties.
Each CxO is trying to manage risk for their own domain and therefore has different priorities and points of view when it comes to handling these risks:
The Chief Risk Officer looks at the organization’s overall risk profile and where they are most vulnerable to unexpected loss.
The Chief Financial Officer must ensure that the necessary controls are in place to have accurate financial statements.
The Chief Information Security Officer must ensure that the IT infrastructure supports the overall business drivers of the organization. The CISO must minimize the risk of the IT environment and assess and communicate the impact of this environment on the overall organization from a Governance, Risk, and Compliance perspective.
Regardless of the organizational perspective of risk management, both process and IT controls must be established to get a complete picture of the organization’s risk posture.
Remember, establishing IT security controls, monitoring these controls, mitigating the risk observed through those controls, and reporting and communicating risk posture are critical capabilities for an IT security organization.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so passionate about the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on her website and on social media platforms.
More than 34,000 professionals follow her on Facebook and are impressed by the quality of the content in her posts.
If you haven't yet come across her enthusiastic work of sharing quality information about cybersecurity, you can follow her Facebook page, Cybersecurity PRISM.