Published: 20 February 2024
企业安全职能在技术、组织和人员方面面临颠覆。风险管理领导者必须进行完善的准备工作并采取务实的态度,以应对颠覆,实施高效的网络安全项目。
通过积极与业务利益相关者合作、有效利用生成式人工智能(GenAI),安全和风险管理(SRM)领导者可以提高安全职能的声誉和绩效。此举还有助于奠定基础,支持企业机构以合乎伦理和安全的方式使用这一颠覆性技术。
开展投资,有效管理与第三方服务和软件相关的风险,提高身份编织的安全性,并持续监控混合数字环境的变化,可以减少企业机构的攻击面、提升韧性。
采用以业务成果为导向的网络安全指标,提高安全治理工作的一致性,可以提高安全职能的绩效和声誉,突出展现安全职能的定位——业务部门值得信赖的合作伙伴和企业机构战略目标的关键支持者。
在安全项目中贯彻以人为本的理念,对于最大限度减少员工风险行为有着十分积极的影响。此外,随着数字技术普及以及相关决策权的去中心化,此举还能够为围绕新兴技术的各类尝试提供更加有力的安全保障。
致力于优化企业机构网络安全项目和投资的SRM领导者,应:
对企业机构数字和第三方生态系统的各个组成要素实施持续、务实和以业务成果为导向的风险管理,提升企业机构的韧性。改善身份与访问管理(IAM)实践,充分发挥其在减少网络安全风险方面的作用。
协调网络安全决策,支持去中心化的技术项目。使用与业务成果挂钩且基于保护等级协议(PLA)的成果驱动型指标(ODM),衡量安全职能的绩效。
采用融合数据解耦策略的组装式应用架构,提升运营韧性、满足数据本地化要求。
采取战略性和以人为本的方法提高安全职能的绩效,包括重塑现有安全人才的技能,利用GenAI增强(而非取代)人类员工的工作,并实施符合企业机构具体情境的安全行为和文化项目。
Clients can log in to view the entire document.
Analysts:
Richard Addiscott, Jeremy D'Hoinne, Chiara Girardi, Pete Shoard, Paul Furtado, Tom Scholtz, Anson Chen, William Candrick, Felix Gaehtgens
Gartner research, which includes in-depth proprietary studies, peer and industry best practices, trend analysis and quantitative modeling, enables us to offer innovative approaches that can help you drive stronger, more sustainable business performance.
Our independence as a research firm enables our experts to provide unbiased advice you can trust.
Not only is Gartner research unbiased, it also contains key take-aways and recommendations for impactful next steps.
Our research practices and procedures distill large volumes of data into clear, precise recommendations.
We provide actionable, objective insight to help organizations make smarter, faster decisions to stay ahead of disruption and accelerate growth.
We offer one-on-one guidance tailored to your mission-critical priorities.
We work with you to select the best-fit providers and tools, so you avoid the costly repercussions of a poor decision.
Connect directly with peers to discuss common issues and initiatives and accelerate, validate and solidify your strategy.
Gartner clients can log in to access the full library.
Attend a Conference
Experience Information Technology conferences
With exclusive insights from Gartner experts on the latest trends, sessions curated for your role and unmatched peer networking, Gartner conferences help you accelerate your priorities.
Gartner CIO & IT Executive Conference
São Paulo, Brasil
© 2026 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of Gartner's business and technology insights organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner business and technology insights may address legal and financial issues, Gartner does not provide legal or investment advice and its insights should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its insights are produced independently by its business and technology insights organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity. Gartner publications and other content may not be used as input into or for the training or development of generative artificial intelligence, machine learning, algorithms, software or related technologies.
