6 Principles of a Resilient Digital World
Gartner's Iyengar on New Strategies to Manage and Mitigate Risks
Security and risk leaders must embrace new approaches to digital business in managing and mitigating enterprise risk. This was the key theme of Gartner's exclusive Security and Risk Management Summit - the first of its kind for Indian security professionals.
Partha Iyengar, vice president and analyst in Gartner's CIO Research-Service and Operation Technology management team and country manager-India, says that security and risk management focus has to be about building resilience for digital business risks.
"The new risk-based approach should revolve around six principles that will help in building a resilient enterprise to mitigate risks and combat threats," he says.
Among those six principles: stop focusing on check-box compliance and shift to risk-based decision making; stop solely protecting infrastructure and begin supporting business outcomes; accept the limits of technology and become people-centric.
Iyengar says that Gartner's research has also been about discovering new approaches and techniques to respond to risk emerging from all sources of IT - including server, network, cybersecurity, social media, mobile, IoT and endpoint devices.
However, he says, the most interesting trend is that boards are getting conscious about organizational risk and appreciating its importance. "But the gulf between the CISOs and the board is huge in India because Indian security and risk practitioners are not mapping board-level risks, as they are not spending enough time to understand them," Iyengar says.
In this interview with Information Security Media Group, he discusses Gartner's security research agenda and how security leaders need to map and do risk profiling to mitigate enterprise risk. He provides insights on:
- Innovations in risk management and security;
- Risk management framework involving people, process and technology;
- Lessons CISOs need to learn in developing risk programs.
Iyengar's research interests cover areas of strategic interest to CIOs and their direct reports, including service management and sourcing issues, and the newly emerging areas of IT-OT integration management. In addition, he covers the areas of business and IT strategy, business value of IT, IT measurement (ITScore), CIO leadership issues and the changing role of the CIO in a globalized world. He also researches India and China-related issues in terms of the business, technology and innovation impact these countries have on the global marketplace, and also on how global enterprises can succeed with their IT and business initiatives in these markets.