8) Maintain awareness of cyber threats.
“Many people, even top-level management, don’t include cybersecurity in their ERM,” notes Nicolas Quairel, Partner and head of IT Consulting at WeiserMazars LLP. “They don’t include it because they don’t see where it fits in the traditional structure. But the truth is that cybersecurity risks are very serious and need to be included in any comprehensive ERM program. There is a direct connection between technology risk and business risk.”
It has become increasingly important to treat cybersecurity risk like any other business risk, including considering it in the Enterprise Risk Management (ERM) program. Cybersecurity’s deep impact on consumer perception, the overall business, and revenue makes it an organizational risk, not just an IT risk.
Recent guidance from COSO explains how its 2013 Internal Control – Integrated Framework and its 2004 Enterprise Risk Management – Integrated Framework can help companies evaluate and respond to cybersecurity risks.
Barriers to Getting Started
Often, finding the right individuals and establishing knowledgeable committees is itself a major challenge, and without them cybersecurity is not treated with the seriousness it deserves.
A strategic vision and process must be developed, including designating who is responsible for
cybersecurity and information systems at the C-suite level, such as an independent CISO.
Risk committees and measurement programs should also be put in place to evaluate inherent and
residual cyber risks, and to incentivize and track the progress made in these areas.
As cybersecurity risks grow more complex, the longer an organization takes to adapt to the new landscape, the more likely it becomes that sensitive and confidential data will be compromised.
Sources
http://www.sans.org/reading-room/whitepapers/analyst/data-center-server-security-survey-2014-35567
https://www.promisec.com/blog/study-shows-data-breaches-due-to-employee-error/
http://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342
http://www.dhs.gov/sites/default/files/publications/C3%20Voluntary%20Program%20-%20Cyber%20Risk%20Management%20Primer%20for%20CEOs%20_5.pdf
http://www.coso.org/documents/COSO%20in%20the%20Cyber%20Age_FULL_r11.pdf
Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide