Opinion
A Whole Lot of Risk
Holistic approaches to managing operational risk continue to evolve and strengthen.
By Derek Slater
August 31, 2009
One of the long-term interests of CSO has been the coming-together of disparate elements of risk management.
We used to use the word 'convergence' a lot, referring specifically to the combination of physical and digital security. Nowadays that concept is fairly well-worn, which is not to say that everyone's caught up yet. (If you need a refresher on some of the critical concepts and practicals, you can brush up with IT and Physical Security Convergence: The Basics.)
Leading-edge thinkers have moved on to even more holistic viewpoints, aiming to add in all forms of operational risk management. This process doesn't necessarily require management by a single person; teams and committees are often drafted on a permanent or temporary basis to survey risk across all dimensions. Such an undertaking can draw in aspects of loss prevention, fraud prevention, audit, privacy, brand protection, business intelligence, human resources (think background checks), safety/OSHA, business continuity, ethics and more.
David Kent heads up such a function at Genzyme, and he'd be the first to tell you that it's a cooperative effort. The excellent folks at the Security Executive Council have also done a lot of good thinking about holistic risk management, with great minds like Francis D'Addario and George Campbell at work.
This year I have been particularly impressed with the cooperation demonstrated by associations ASIS - on the historically physical side of the house - and ISSA from the digital side. We've already seen these two organizations work together with audit group ISACA to form a broad risk management alliance; you can find details in my interview last December with former ASIS head Jeff Spivey.
The collaboration of these groups continues to produce real results. The big annual ASIS seminar is coming up next month in Anaheim; ISSA is "co-producing" thirty or more educational sessions. (I'll be in a CSO booth to meet-and-greet on Monday and Tuesday mornings; if you're at the show, please drop by and say hello.)
I think this level of cooperation bodes very well for the future of security and risk management. In the early years, political infighting and power struggles were often cited as insurmountable barriers to convergence of physical and IT security. The associations and their leadership continue to demonstrate that simply isn't true.



