IT-GRC is on the corporate 2016 agenda because big data, internet of
things and cloud computing can create unsafe IT and cyber security breakdowns
A significant number of Information risks components
are on the management agenda because cyber-attacks command management's
attention: Managing digital assets in a new socio-technology environment
will explore how businesses assess and manage information risk because all
organisations have sloppy employees.
Just as technology has transformed
cloud and big data into a valuable business asset, outsourcing, cloud
computing, social media, "design adapted device" and other technology-enabled
business trends to suggest that information is increasingly being dispersed
across the globe and global transactions within the corporation.
Cyber-attacks related to Information risks
Now the biggest obstacle to raising the priority of information risk is
a lack of understanding of the issues. More than three-quarters of respondents
from a recent survey think that information risk can typically be mitigated
by technology fixes to hardware and software.
The focus on cyber-attacks and Information risk in the new technology
landscape is focused on implementing more equipment and technical fixes.
This approach intimidates and overshadows the vital role that employees
and discipline play in both mitigating and creating IT Security risks.
Awareness of information risk does not extend to the business. Most companies
are failing to create a culture of knowledge of IT security:
- Only 27 % of the report a substantial understanding of information
risk across the organisation. The most knowledgeable departments are
IT and finance, where the core ---most critical information is thought
to exist.
- 57% believe that the small level of awareness of the organisation
is equally true vertically: the importance of protecting information
has not been a tone-at-the-top issue and, therefore, has not filtered
down to lower levels of the business.
Managing IT and digital assets.
Workshops, training and seminars increase the awareness of being prepared.
(see: http://www.riskability.org/2016/it-security/index.htm)
Still up to 40% of CEO and CIO's require proper training and guidance
on the actions to be taken, after the information has been lost or stolen.
- One in four respondents, on the other hand, has enough knowledge,
training and experience to take the lead in the event of an IT Security
breach.
Copenhagen ComplianceŽ continues to foster collaboration and information
sharing are encouraged thru the IT Security seminars and workshops:
- 62% of respondents to our survey are looking to governments and
regulators to take a larger lead in information risk management.
- The primary concern is to promote knowledge sharing between companies
on potential cyber-attacks.
- 68% of respondents would appreciate greater regional harmonisation
of the rules surrounding data security.
Therefore, we recommend that in-house IT-Security training, education,
workshops and seminars is the answer so that all employees feel prepared.
It seems that senior business leaders apparently focus on other issues
and problems and, therefore, are ill-prepared for a loss of information
at their business. Please note that nearly half of all organisations have
experienced a loss of information, assets or IP in the past two years
due to cyber breaches.
For more information, guidance and implementation templates see: http://www.riskability.org/2016/it-security/index.htm