Keith Jonah
CMC Practice Leader, ISA Cybersecurity
“What’s next?” — The question plaguing businesses trying to manage corporate cyber risk. Complexity and risk are increasing as the domains of security, privacy, and data management converge. This is the convergence of cyber risk.
Businesses that don’t adapt to this new reality can face dire consequences: business-risk decisions made in isolation will drive up costs through redundancy and inefficiency. Projects initiated without context won’t deliver the highest return on cyber investment, nor address the most pressing corporate needs. As the lines between security, privacy, and data management dissolve, a decision in one area can affect multiple aspects of the enterprise.
Bringing order to chaos
But this “Convergence of Cyber Risk” creates opportunities as well. Adopting a holistic view of cyber breaks down the traditionally siloed areas of security (information technology, operational technology, internet of things, and more), compliance, business continuity, third-party/supply chain management, personnel, and privacy risk. Taking a risk-based approach — rather than chasing the latest technology or a flashy point solution — brings order to chaos. Security, privacy, and data management initiatives can be driven by well-coordinated and defined corporate requirements and shaped to address all cyber legislative/regulatory requirements, governance, corporate policy, industry standards, and control objectives. When security, privacy, and data management services (people undertaking process with supporting technology) work in harmony as part of a cohesive cyber framework, the organization moves from the tactical to the strategic.
When security, privacy, and data management services (people undertaking process with supporting technology) work in harmony as part of a cohesive cyber framework, the organization moves from the tactical to the strategic.
A new era equals new opportunity
The starting point for a comprehensive cyber program is “by-design” compliance with regulation and legislation. Then, applying a risk management paradigm ensures that the organization addresses real-world risks cost-effectively and balances those risks against other critical organizational imperatives, such as ensuring timely, effective, and efficient services.
ISA Cybersecurity’s Cyber Management Consulting (CMC) practice helps businesses benefit from the convergence of cyber risk. CMC is led by some of the most accomplished and experienced experts in Canada and backed by an extensive network of cyber professionals developed over 30 years in the business. We ensure appropriate rigour and internationally-recognized techniques are applied to the analysis and management of security, privacy, and data management risk and the development of programs and solutions. We can help you decide, “What’s next?”
