Regulation should not drive risk, security planning

Friday, 09 August, 2013

Regulation should not drive risk, security planning

CIOs should stop basing their IT risk and security planning primarily on the need to ensure compliance with regulations, according to Gartner.

Compliance is an outcome of a solid risk management policy, according to Gartner Research Director John A Wheeler, and should not dominate decision-making.

“By simply trying to keep up with individual compliance requirements, organisations become rule followers, rather than risk leaders [able to] proactively address the most severe threats to their organisations.”

Risk leaders approach compliance risks by tracking key regulatory and business changes, and then creating a plan to address compliance requirements in a way that improves resilience and influences their business’s success, Wheeler said.

The key distinction is not to treat compliance activities as mere checkbox exercises, but taking into account the risks that compliance activities are intended to address.

“If CIOs are managing their risks effectively, their compliance requirements will be met, and not the other way round,” Wheeler said.

He recommends companies create a formal program of controls based on the specific risks unique to their business, and then map rules and laws onto these controls. This also requires CIOs to be able to make a defensible case to regulators that the rules are being properly followed.

CIOs should also be working with their security and risk management teams to create a program capable of anticipating and adapting to changing regulatory requirements, Wheeler added.

Related Articles

IT strong as 1 in 3 Australian companies begin hiring

The most in-demand positions are infrastructure experts, software developers and engineers, and...

Huawei calls for fairness over removal of Chinese gear

Huawei has responded to Macquarie Telecom's call for the telco sector to strip out Chinese...

Tech consultancy plants roots in Melbourne

Tech consultancy Slalom will establish its Australian HQ in Melbourne, in a move the state...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd