While legislators have passed a multitude of statutes to aid in the protection of our economic interests pertaining to data systems – non-physical assets and privacy – frequently any course of action is still determined by the concept of monetary loss and treated as if someone was stealing or damaging physical assets, or as in the case of the Stored Communications Act (SCA), creating a statue that has been described as dense and confusing to even legal scholars.
Once the risk matrix has been populated, management must then prioritize the risks and determine which are the most critical to the viability, survivability and resilience of the enterprise. When that prioritization has been completed, various functions within the organization can be tasked to design the appropriate solution for the risk involved.
The latest buzzword these days is “Resiliency,” which for all intents and purposes is really nothing more than a new term for business continuity planning (BCP) in the private sector and continuity of operations planning (COP) in the public sector.
Probably the most important first step an organization should take in developing their BCP/COP program is to conduct an inventory of all of the enterprise’s processes, assets and resources (PAR). No one has the time or resources to boil the ocean, so once the inventory has been completed, the next step involves prioritizing the PAR list from the most critical to the least important.
Whether you are in a private or public enterprise, developing a solid base of intelligence on new and emerging technologies is a critical element in developing strategic and tactical responses to maintain operational continuity.
Monitoring emerging trends, customer likes and dislikes, and understanding unmet customer needs can determine how rapid a rate of incline or decline your business experiences. Companies spend millions of dollars conducting surveys of customers, potential customers, industry experts and key opinion leaders to determine if their products or services effectively meet, exceed or miss market expectations.
Establishing and maintaining a culture across the enterprise that is based on unwavering ethical practices from the boardroom to the lowest level employee is also a key element of effective governance programs.
One of the most important topics currently on boardroom agendas focuses on governance. Ensuring that the enterprise understands and complies with laws, regulations, policies and procedures is no longer simply enough.
Ever since the days of Jesse James, banks have always been a target of those after fast cash, but now, cybercrime is becoming the new Wild West of quiet, quick theft. Find out what the enterprise can do to mitigate cyber risks to its financial assets.
Celebrate 30 years of OSAC's Information-Sharing Partnership. Also, learn how to create risk-aware culture through privacy by design and how to protect assests with temporary security installations. Check out Security's October issue for all this and more!