Focus: Perform Business Opportunities with Governance (ESRM) Culture !
There are many CEO or CFO that prefer to delegate for CISO, CIO or others hard decisions like that without promote a environment where more members of the Board, Directors or even others top managers been envolved and can evaluate too. Even more if the Organization don´t have a Corpore Governance stabilized, standards and controls that will support to evaluate a complete scenario that must analyze activities like Risk, Internal Control, Internal Audit and a low profile of Governance Culture.
In order to achieve their business goals planned and promote fine adjust for the next business cases, you must do better and faster than your competitors or create new business deal, there isn´t more time to do business as usual. In both cases the company must think about risks and the best way to do without business impact, mainly if the competidor already did, i.e they invested in process, resources and in technology to perform better !
Business Culture ! Business Maturity ! Or do you believe in luck and because are some top managers that have competence and experience to produce the same business performance ! Please let me know how the company will obtain Culture and Maturity without Governance !
Many bad business happens because the Governance Culture in the Organization couldn´t work well and couln´t alert for risk scenarios or even couldn´t motivate that others many activities very importants were trigger to assure lessbusiness impact. So, what kind of organization are you included ? Which scenario you will choice ! And which skill that you have to do the right things without Culture of the Governance !
Example: see below four scenarios, choose, argue and in the next year bring your results and listening the others !
The Organization will review their GRC culture and maturity level to became more adherent with the risk scenario demanded for their Business aim !
"ESRM is a security program management approach that links security activities to an enterprise's mission and business goals through risk management methods. The security leader's role in ESRM is to manage risks of harm to enterprise assets in partnership with the business leaders whose assets are exposed to those risks. ESRM involves educating business leaders on the realistic impacts of identified risks, presenting potential strategies to mitigate those impacts, then enacting the option chosen by the business in line with accepted levels of business risk tolerance."
By John Petruzzi, CPP 2018 Secretary-elect ASIS (*) International Board of Director
(*) Founded in 1955, ASIS International is a global community of security practitioners, each of whom has a role in the protection of assets - people, property, and/or information. Our members represent virtually every industry in the public and private sectors, and organizations of all sizes. From entry-level managers to CSOs to CEOs, from security veterans to consultants and those transitioning from law enforcement or the military, the ASIS community is global and diverse.
The organization will react only with tecnology solutions to solve CyberSecurity vulnerability and GRC Gaps !
The organization will react thru of hybrid solutions in emergency cases when necessary mitigate CyberSecurity incidents !
The organization will build a strong risk management and cybersecurity culture in ESRM with highly effective use of their effort and investment solution.
That include process, people, infrastructure and more AI environment to predict patterns of behavior into digital business scenario and company reputation.
