| | April 20189CIOReviewAs "big data", artificial intelligence and the internet of things, continue to expand, CIOs must also determine how to incorporate these capabilities into their companyInformationSecurity and PrivacyUse of IT as competitiveadvantageStrategy to deliverIT within CompanySystemAvailabilityJohn Schaefercontractual and information security measures to ensure that key data is secure. If a business partner has access to key data or networks, the partner must also be monitored and corrective actions need to be implemented through the team that is managing the vendor's overall performance. In addition to managing security and availability risks, CIOs can use IT risk management to improve operational efficiency and scalability and to exploit strategic opportunities. As just one example of improved efficiency, the use of cloud providers has enabled many companies to reduce the cost of providing information technology throughout the company in much the way that enterprise requirements planning systems streamlined operations years ago. As "big data", artificial intelligence, mobile capabilities, virtual and enhanced reality, and the internet of things, continue to expand, CIOs must also determine how to incorporate these capabilities into their company. In some cases, these potentially disruptive technologies create fundamental challenges to an industry or company, but they also provide large opportunities to provide new products and services to existing customers. To be a strategic partner in these discussions the CIO must have the trust of business leaders throughout the company. Having the CIO involved in these discussions is very important because they understand not only the technologies, but also the related risks. Many companies have already started down the path of comprehensive, collaborative information technology risk management. Some factors contributing to the success of this approach include:1. Organization: The higher in the organization CIOs report, the more likely they are to focus on strategic risks and to have the influence to drive comprehensive risk reduction. 2. Tone-at-the-top: Regardless of reporting structure, the message that the CEO sends about managing all risks will strongly affect the success of a risk management program. Accountability is also emphasized and clear decision processes are in place.3. Governance: Broad participation in steering committees can inform CIOs of business risks and can facilitate reduction of the threat.4. Cross-functional teams: Topic specific cross functional can be formed to address areas such as privacy compliance, reduction of insider threats, management of third-party data sharing and use of cloud service providers.5. Employee training: the more people that are aware of potential issues, and the benefits of risk reduction, the more successful the program will be.A comprehensive, collaborative approach to managing the risks of information technology is the best way to ensure that companies can meet their objectives with the lowest practical potential for costly disruptive events.
<
Page 8 |
Page 10 >