Why We Need a Holistic Risk-Based Approach to Cybersecurity
FAIR Institute's Nick Sanna on the Benefits of a Risk-Based Approach to Cybersecurity
Security teams spend much of their time monitoring systems for signs of a breach and patching vulnerabilities, but the real focus should be on enterprise risk. Nick Sanna, president of the FAIR Institute, makes the case for a risk-based approach to cybersecurity.
In this interview with ISMG at the FAIR Institute's inaugural London summit, Sanna advised organizations to follow the core principles of cyber risk oversight:
- Cybersecurity is not a technology problem; it is a strategic risk problem;
- Boards need to understand their risk responsibilities, which go beyond compliance with regulations;
- Boards need access to adequate cybersecurity expertise, since digital risk is core to the business;
- Management needs to provide a cybersecurity framework that covers both technical and management controls, making clear who does what and how the operation is structured;
- Management must assess and report risk; the board oversees that risk rather than assessing it;
- Boards should encourage systemic resilience and collaboration.
Sanna, who is also CEO of RiskLens and a board member of ISA, is a serial high-tech entrepreneur who helps large organizations close the gap that separates IT from the business. His current focus is on translating cybersecurity risk into a common financial language that everyone can understand, so that cyber risk can be managed proactively from a business perspective.