What Makes a Digital Risk Management Program?

Oct 31, 2019 | by Steve Schlarman

Transit systems provide a key service for communities. In some cities – like New York, London and Hong Kong – the local transit system has become a symbol of the power and diversity of the metropolitan area. The NY Subway, the Tube, the MTR – if you are familiar with these cities, you know the major role these systems play in economic growth and the cultural atmosphere. As I wrap up this first phase of my discussion on Digiville and its incredible Digital Risk Management Transit Authority, we shouldn’t lose sight of what makes a good transit system – and how that applies to your strategy for digital risk management.

First, transit systems have predictable stops and get you where you need to go. Stations aren’t built out in the middle of nowhere. They are meaningful to the city they serve. They offer citizens convenient transportation to key locations. Major stops – like Central Station or Piccadilly Circus Station – are well-known hubs of their cities. Outlying areas of cities needing transportation into key commerce or business centers are connected, driving growth and expansion.

Like a good transit system, your digital risk management strategy must go where the people – and in this case, the data – are. You must understand where your business wants to go and where it needs to go often. The dialogue between the risk and security functions and the business is critical in figuring out what your corresponding transit system looks like.

Next, good transit systems aren’t a hassle to get on and off. Most large cities have monthly passes and other convenient methods to streamline access. The object is to keep people moving – not get them stuck in lines waiting. Anyone that has seen the streaming flow of people into a subway understands the need for efficient ingress and egress. And we all know what happens when the entrances or exits become clogged – anxiety, frustration and sometimes outright chaos.

The same goes for your risk and security processes. You want your business to be comfortable coming to risk and security teams and confident those functions will help it meet its business objectives. In the transit system metaphor, risk and security teams should help the business get where it wants to go. Provide it with easy, convenient access to resources – whether it is policies and standards or help in understanding the risks related to its objectives.

Finally, good transit systems monitor their activity and are ready for anything. Large cities have operations centers that know what is always going on. They have proactive maintenance schedules, crisis response capabilities and well-established procedures.

This is what Digital Risk Management is all about. Security operations, identity management, fraud management and integrated risk management must converge to provide visibility into your digital business. Using that visibility, you can apply meaningful context to derive insights to prioritize your risks. I have said before ‘Don’t worry about risk; Act on risk.’ Leadership, collaboration and automation play key roles in streamlining processes to act and enable you on your digital journey.

Your customers are priority number one. Today, the privacy of your customers’ data and your responsiveness to crises factor into your reputation with your customers. Trust is core to engaging your customers and must also extend across your ecosystem. You must broaden your risk management capabilities beyond your borders – from enabling a third-party governance program to monitoring the security of your cloud and hosted environments. You need visibility into what your partners are doing with your data while they are helping you build your business. You also need to keep pace with the digital transformation changing how your workforce executes – ranging from secure, convenient access across infrastructure and applications to engaging everyone in your organization to manage risk. And finally, the explosion of devices has created a complex, unending attack surface in your infrastructure. As you hunt for the predators on your networks, you must protect what matters most.

These are the pillars of your digital business – your customers, your ecosystem, your workforce and your infrastructure. The challenge facing you now is the need for integrated strategies to navigate risk in this digital world. If you haven’t yet, download the Digiville and DRMTA visual. Take a look, kick it around with your teams, compare it to your organization’s needs. What are the neighborhoods in your Digiville? I am sure you will find lines that you might need to shore up, or stations I haven’t included – or stations I included that prompt you to ask “what was he thinking?”.

The objective, though, is to have that conversation. Ask yourself – what is the next station I need to build in my digital risk management strategy? What line needs maintenance? What part of my Digiville is isolated and in need of good transit service? Remember the attributes of a good transit system – reliability, easy access, ready for anything. When your business leaders throw a tough challenge your way, borrow from the Digital Risk Management Transit Authority’s motto, answer them with confidence and say: “We can get you there.”

# # #

Follow this blog series to learn more about Digiville and the DRMTA. Check out the full graphic of Digiville and the Digital Risk Management Transit Map.

Read the RSA Digital Risk Report to learn about the perceptions and attitudes towards risk in the digital world. Understanding the challenges facing your organization is a great way to get started down the path of ‘good habits.’ Use the RSA Digital Risk Index as a quick assessment for ideas on how you can adjust your strategies as your organization takes on digital business.

Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity

Author: Steve Schlarman

Category: RSA Fundamentals, Blog Post

Keywords: Cybersecurity, Digital Risk, Digital Risk Management, Digital Risk Report, IRM, Risk Management, CISO

Part 4 of the Digiville blog series based on my RSA Charge 2019 keynote.

Catch up with the series by reading ‘Welcome to Digiville’; ‘Exploring Digiville with the DRMTA’; and ‘The DRMTA: Loops and Lines’.
