Eight Practical Tips to Link Risk and Security to Corporate Performance

Archived | Published: 07 August 2014 | ID: G00264758


Price: $495.00 USD (PAGES: 14)


CISOs and risk officers struggle with how to link risk management efforts in security, privacy, business continuity and compliance to the value they provide at line-of-business and executive levels. We provide eight tips to communicate benefits to executive decision makers.

Table of Contents

  • Analysis
    • Introduction
    • Tip No. 1: Formalize an IT Risk and Security Program
    • Tip No. 2: Measure Your Program's Maturity
    • Tip No. 3: Use a Risk-Based Approach
    • Tip No. 4: Use Leading Indicators of Risk Conditions
    • Tip No. 5: Map Key Risk Indicators to Key Performance Indicators
    • Tip No. 6: Link Risk Initiatives to Corporate Goals
      • Case Study: A Power Utility Aligns Security Risk With Business Strategy
    • Tip No. 7: Don't Use Operational Metrics in Executive Communications
    • Tip No. 8: Communicate to Executives, Emphasizing What Works and What Doesn't
      • Step 1: Develop a Process Catalog
      • Step 2: Assess Process Maturity
      • Step 3: Develop a Process-Maturity-Based Risk Report
      • Step 4: Decompose the Gaps Into Projects
      • Step 5: Develop a Strategic Plan
      • Step 6: Issue Quarterly Reports
  • Gartner Recommended Reading
© 2014 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
