Value of aligning risk management and information security comes into focus in new resource from RIMS and ISACA
Schaumburg, IL (Sept. 9, 2019) – IT and risk management professionals must speak the same language to more effectively incorporate the benefits and uncertainties associated with data and technology into the organizations’ overall strategy and to add value, according to a newly published, complimentary white paper from ISACA and RIMS, Bridging the Digital Risk Gap: How Collaboration Between IT and Risk Management Can Enhance Value Creation.
The “Bridging the Digital Risk Gap” white paper outlines how the changing digital risk landscape, new regulatory requirements, and greater understanding of commonalities between IT and risk management make a strong case for aligning the two in order to realize significant benefits.
Additionally, the report highlights ISACA’s Risk IT Framework and how it integrates both IT and risk management, as well as demonstrates how risk management can be incorporated into the technology life cycle. The resource also points out how both IT and risk management professionals can integrate the frameworks that each uses—including the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework, the risk process from the American National Standards Institute (ANSI) risk assessment standard RA.1—as well as integrate roles and methods of assessment.
“When enterprises examine the evolving risk environment and the benefits that can come from integrating risk management and IT, it becomes very clear that this collaboration is important to the overall business-risk portfolio,” said Paul W. Phillips, III, CISA, CISM, technical research manager at ISACA and a contributing author to the white paper. “This kind of strategic coordination can bring many positive outcomes, including better incident response and improved information protection.”
The report also includes RIMS’ Enterprise IT Risk Management Responsibility Assignment Matrix that shows organizations how they can visualize the roles within the IT ecosystem and the cross-functional expertise required, as well as a map for ISACA’s Risk IT Framework and the RIMS Maturity Model (RMM). The map emphasizes the alignment between each domain in ISACA’s Risk IT Framework and the seven attributes of the RMM.
“Collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise. Understanding one another’s world is the first step for building a constructive and symbiotic relationship,” stated Carol Fox, RIMS VP of strategic initiatives and contributor. “In doing so, IT and risk management professionals can leverage their knowledge and resources to better inform decision makers on how business strategies and objectives can benefit from IT capabilities, and spur investment in new technology.”
Now in its 50th anniversary year, ISACA is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips practitioners with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 460,000 engaged practitioners—including its 140,000 members—in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 220 chapters worldwide and offices in both the United States and China. For more information, visit isaca.org.
As the preeminent organization dedicated to promoting the profession of risk management, RIMS, the risk management society®, is a global not-for-profit organization representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS is committed to advancing risk management capabilities for organizational success, bringing networking, professional development and education opportunities to its membership of more than 10,000 risk management professionals who are located in more than 60 countries. For more information on RIMS, visit www.RIMS.org.
Source: Information Systems Audit and Control Association (ISACA) and Risk & Insurance Management Society (RIMS)