Drive Down Risk by Leveraging Compliance

March 27, 2012

leverage_enews It’s a scary world out there. Hackers stalk your networks just waiting to access your data. Identity thieves are busily scheming how to take over your assets. Fraudsters look for ways to take advantage of your good graces for personal gain. Maybe you have total confidence in your information security efforts because your IT team is well-versed at protecting networks and data assets. But what about the business processes themselves, or the people responsible for the day-to-day operations of those processes?

Corporate security is an essential part of any organization, but all too often the role of security has remained overly focused in information technology. In essence, it’s been about creating a sturdier door with a more pickproof lock. But that’s changing. Today, security leaders are being called upon to not only manage protection and mitigate the consequences of risk, but also to proactively identify potential risks and to become better aligned with the organization’s values and ethics-based objectives.

Security policies are not at fault, nor do data protection protocols lack in scope. All things considered, security measures are more efficient than ever before. But the malfeasants have also become savvier in their efforts. A recent KPMG study, “Who is the Typical Fraudster?,” found that for more than one in ten fraud events, fraud was committed by individuals who colluded to circumvent otherwise good anti-fraud control measures – almost double the number reported just five years ago.

Corporate initiatives that are integrated enterprise-wide at the various touch-points along the compliance lifecycle serve to connect risk management activities with security’s role as the corporate guardian. Such an approach serves to strengthen an organization’s collective security posture and enables it to minimize the potential for fraudulent or unsafe activities, thus guarding against risk. This integrated approach to governance, risk and compliance (GRC) works in conjunction with existing data protection and security measures to align policies and standards of behavior (e.g., code of conduct) with the ability to monitor and track components such as training, policy violations, issue management and corrective action activities.

Traditionally, risk management has been more aligned with the finance and audit functions and separated from compliance activities. As a result, resources are often duplicated and compliance data is siloed according to the particular segment of the business. This creates an environment where risk is more difficult to detect and correct. Risk management that is more business-driven and values-based requires that the security and compliance functions seek common ground in a collaborative effort to both reduce and manage risk.

While the chief security officer (CSO) is responsible for digital security and the safety of employees, facilities and assets, the chief compliance officer (CCO) is responsible for implementing policies and procedures that are in sync with the organization’s values and risk tolerances. It is the CCO’s responsibility to ensure the company is compliant with all necessary laws and regulations and kept aware of any regulatory changes.

When changes do occur, the CSO and CCO must:

Adjust corporate policies and procedures accordingly and communicate those changes to every employee
See eye to eye and work to understand each other’s priorities and capabilities
Come to rely on one another to maintain a secure and compliant organizational structure

Teamwork in this department is entirely necessary for survival. Just as technology has led to improved security measures, Web-based technologies are evolving to drive business process improvements for compliance. These technologies automate the process of detecting security threats posed by people and the processes they use rather than by networks and data assets. When combined with traditional security tools, these new compliance technologies provide an additional layer of protection and greater actionability. By getting ahead of baseline, required compliance, CSOs and CCOs can create compliance processes uniquely tailored to their environment and help to secure business against opportunistic, creative thieves.

Security and compliance leaders face a common foe – risk – and everyone can agree that managing risk in an organization is essential for sustained growth. By giving credence to compliance initiatives, organizations provide their employees a better sense of confidence in the security tools being used and the rationale behind them. Leveraging an integrated GRC initiative better positions the enterprise to minimize fraudulent behavior and protect assets and reputations as they guard against risk.

Luis Ramos is the CEO of The Network, a leading provider of integrated governance, risk and compliance (GRC) solutions that help organizations mitigate risk, achieve compliance and ultimately, create better, more ethical workplaces. Luis has more than twenty years of experience in risk management and compliance, and his thought leadership has been featured in publications including National Underwriter Magazine, Risk Management Magazine, Loss Prevention and Ethikos.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Drive Down Risk by Leveraging Compliance

Related Articles

Related Events

Report Abusive Comment