New report looks at the value of aligning risk management and information security
- Published: Wednesday, 11 September 2019 09:16
IT and risk management professionals must speak the same language to incorporate the benefits and uncertainties associated with data and technology more effectively into their organizations’ overall strategy and to add value, according to a newly published white paper from ISACA and RIMS.
‘Bridging the Digital Risk Gap: How Collaboration Between IT and Risk Management Can Enhance Value Creation’ outlines how the changing digital risk landscape, new regulatory requirements, and greater understanding of commonalities between IT and risk management make a strong case for aligning the two in order to realize significant benefits.
Additionally, the report highlights ISACA’s Risk IT Framework, explains how it integrates both IT and risk management, and demonstrates how risk management can be incorporated into the technology life cycle. The resource also points out how IT and risk management professionals can integrate the frameworks that each uses (including the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the risk process from the American National Standards Institute (ANSI) risk assessment standard RA.1), as well as integrate their roles and methods of assessment.
“When enterprises examine the evolving risk environment and the benefits that can come from integrating risk management and IT, it becomes very clear that this collaboration is important to the overall business-risk portfolio,” said Paul W. Phillips, III, CISA, CISM, technical research manager at ISACA and a contributing author to the white paper. “This kind of strategic coordination can bring many positive outcomes, including better incident response and improved information protection.”
The report also includes RIMS’ Enterprise IT Risk Management Responsibility Assignment Matrix that shows organizations how they can visualize the roles within the IT ecosystem and the cross-functional expertise required, as well as a map for ISACA’s Risk IT Framework and the RIMS Maturity Model (RMM). The map emphasizes the alignment between each domain in ISACA’s Risk IT Framework and the seven attributes of the RMM.