Scott Crawford, a security expert and research director with Enterprise Management Associates, offers his advice for minimizing security risks within IT Understand the risk. IT creates business risk, notes Scott Crawford, a security expert and research director with Enterprise Management Associates. Knowing what those risks are is the first step in managing them. The increasingly prevalent insider threat should be addressed through access control and identity management systems. Treat IT risk management as a business investment. Aligning IT risks with business requirements will help you allocate the resources you need to manage those risks, Crawford says. Reevaluate risks regularly. Periodic reevaluation of risks and controls should be part of any business’s IT control strategy, not just when a problem occurs. Nevertheless, you should reevaluate your risk management strategies if your controls fail, as they apparently did at Société Générale. Use the right controls, and make them secure. You can have all the controls in the world, but if they can be easily compromised they won’t do you much good. Likewise, if you have the wrong controls, or not enough of them, you’re equally ill-equipped to manage risk. Implement the proper controls and grant access to your systems to only the right people, Crawford advises. Then monitor and constantly reevaluate the controls. Compliance isn’t the same as security. Securing your systems and data may make you compliant, but being compliant doesn’t necessarily make you secure. If your controls satisfy your regulatory requirements, but don’t mitigate risk, then they are not adequate. Related content brandpost The steep cost of a poor data management strategy Without a data management strategy, organizations stall digital progress, often putting their business trajectory at risk. Here’s how to move forward. By Jay Limbasiya, Global AI, Analytics, & Data Management Business Development, Unstructured Data Solutions, Dell Technologies Jun 09, 2023 6 mins Data Management feature How Capital One delivers data governance at scale With hundreds of petabytes of data in operation, the bank has adopted a hybrid model and a ‘sloped governance’ framework to ensure its lines of business get the data they need in real-time. By Thor Olavsrud Jun 09, 2023 6 mins Data Governance Data Management feature Assessing the business risk of AI bias The lengths to which AI can be biased are still being understood. The potential damage is, therefore, a big priority as companies increasingly use various AI tools for decision-making. By Karin Lindstrom Jun 09, 2023 4 mins CIO Artificial Intelligence IT Leadership brandpost Rebalancing through Recalibration: CIOs Operationalizing Pandemic-era Innovation By Kamal Nath, CEO, Sify Technologies Jun 08, 2023 6 mins CIO Digital Transformation Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe