How can the risk management function be strengthened to counterbalance overly aggressive executive decisions?

771 views, 2 Comments
Chief Technology Officer in Government, a month ago

One way to do this is to design a framework for making decisions, scoring outcomes and assigning a risk level. Then, based on the risk profile, they can vote on whether they still want to pursue a certain decision. I believe a standard process that includes a framework should help. It is similar to change management in IT: evaluate the impact, the stakeholders and the risk associated with the change (and/or decision).

CIO in Energy and Utilities, a month ago

Have a tabletop exercise. Show the executives how the enterprise would be impacted in case of a cyber attack. Have a coach come in and take the leadership team through a cyber event; pencil out what they would not have access to, and the timelines on which, for instance, you in IT would be dealing with restoring their access, systems, and data, even cloud-based data.

In another enterprise, the CCO said to the coach, "We will just take sales orders by phone and put them into a spreadsheet..." They were doing thousands of orders every month and had a monthly revenue north of $1B. The coach, the CIO, and several others on the leadership team reminded him of that... Not an option...
