Ever since the widely publicized Target breach of 2013, building a holistic information security architecture has become a top priority for enterprises worldwide. Even so, for many enterprises security is still a reactive idea: vigilance kicks in only when the burglar alarm goes off. The explosion of SMAC technologies and the change in how information is perceived, processed and monitored are making business and technology leaders realize that they need a proactive approach. Organizations are innovating at a feverish pace, bringing new services and products to market to stay ahead of global competition, and the enterprise boundary now extends well beyond the traditional enterprise network. New-normal global enterprises are therefore turning to newer approaches to maintain security, compliance and governance and stay above the line, however blurry that line may be. The US federal government, for example, is well ahead in this relay, formulating strategies for data security and automated compliance management through standards and guidance such as the Risk Management Framework (RMF) and the publications of the National Institute of Standards and Technology (NIST). This body of work has matured to the point where the author considers it more dependable than other current industry standards such as ISO/IEC 27001.
NIST, for instance, gives organizations a range of recommendations for measuring up to their security standards and maintaining compliance, helping them holistically assess, quantify, manage and automate risk. Although a proactive risk assessment, management and mitigation methodology brings many benefits, getting that far ahead is not an easy job for enterprises. So how exactly do they do it? A typical Enterprise Risk Management (ERM) model employs a top-down analysis that holistically considers the organization's functions, applications and assets and eventually classifies each risk as critical, major or minor.
With the right tools and technology for the top-down analysis, enterprises can build a risk analysis for each asset by:
- Developing a risk profile for every asset in terms of reported data and its conformance to the underlying policies and industry best practices.
- Employing big-data databases and quantification tools to store, correlate and identify individual sensor readings, so that a well-informed profile is built for each asset.
- Running quantitative risk analysis for each of the enterprise's assets and systems.
ERM is a proactive approach that notifies enterprises of their broken locks and windows before the burglar slips in. It helps organizations recover the time and resources that would otherwise be consumed by audits, fines or breaches. In all, ERM safeguards what is most valuable to them: their assets, both tangible and intangible.
Raju is a former Happiest Mind and this content was created and published during his tenure.