In your opinion, who SHOULD own the risk in your organization?

People & LeadershipSecurity & GRCKPIs, Metrics & Reporting+2 more

IT Director/Other Senior IT Manager17%

CISO/Other Senior Security Manager51%

Senior Manager in another part of the organization11%

CEO/other board member16%

operational risk2%

Other (comment below)1%


770 PARTICIPANTS
3.2k views1 Upvote7 Comments
Assistant Director IT Auditor in Education, 10,001+ employees
Risks are owned by the department head (senior level) where the risk exist, they are the folks who can best managed the risks.
CIO Strategic Advisor in Services (non-Government), 2 - 10 employees
No one person should 'own' risk for an organization. Risk should be transparent and shared among the appropriate stakeholders.
1 1 Reply
Assistant Director IT Auditor in Education, 10,001+ employees

What I have seen in risk management, is that risk owner varies depending on the organization. A risk can be assigned to a person or persons responsible for the day-to-day management of a risk. By assigning an owner, the designated risk owner ensures someone in the organization is accountable for the said risk. If there is no one person or a group charged with managing a risk, then by default, the entire organization will own the risk, and therefore, it is highly likely the risk may fall through the cracks and nothing done to address it (well run organizations assigned ownership) . Having a risk owner is an important step toward ensuring that a plan to mitigate (or accept) the risk is developed and acted upon in a timely manner to protect the organization from that risk exposure. In my career, I have seen SVP shown the door because they never took action to address risks identified in audits and the risk became realized.

1
VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees
The question is loaded as there are multiple definitions of risk.  A well structured risk governing body consists of the multiple lens.
Director in Manufacturing, 1,001 - 5,000 employees
Owned by Application (Budget) owner.  In my experience the risk can come from older or unmaintained systems, so if the owner wont' fund for upgrades, enhancements, closing security gaps, it's on the owner and the budget to decide to keep the systems and the risk, or shut it down, or fund remediation.
1
Director, IT Architecture in Software, 5,001 - 10,000 employees
Every StakeHolder should own risk
3 1 Reply
Assistant Director IT Auditor in Education, 10,001+ employees

Pproviding the person owning the risk is held accountable to address, mitigate, or accept the risk.

3

Content you might like

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
40.7k views131 Upvotes319 Comments

What cyber threat are you most concerned about?

Security & GRCData Protection & EncryptionStrategy & Architecture

Insider threats – rogue admins19%

Encrypting my data51%

Deleting my backup copies11%

Resident malware8%

Data theft – data exfiltration11%

Other1%


140 PARTICIPANTS
1.6k views1 Comment

At your organization, how much regression testing for new app features is done manually vs. how much is automated?

EngineeringTechnical Product ManagementSoftware Development+8 more

We are not doing regression testing10%

25% manual, 75% automated50%

50% manual, 50% automated27%

100% manual, 0% automated8%

Don't know2%


695 PARTICIPANTS
1.6k views3 Upvotes2 Comments

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRCThreat & Vulnerability Management
Read More Comments
2.6k views5 Upvotes5 Comments

What is the best work travel advice you’ve ever been given?

FeedbackPeople & Leadership
Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
17 3 Replies
Read More Comments
66.8k views69 Upvotes39 Comments