Analysts Discuss Key Issues Facing Security Leaders during the Gartner Security and Risk Management Summit in National Harbor
The overwhelming demands on security leaders today can have a paralyzing effect. During the opening keynote address at the Gartner Security and Risk Management Summit, Gartner analysts provided insight to empower these security leaders to take action.
Gartner analysts provided guidance to an audience of more than 3,400 security and risk leaders and practitioners on how to be empowered to adapt their people, processes and technologies to address the old and the new; empowered to transform their approach to risk governance to be more continuous and inclusive; and empowered to scale their security capabilities in other ways than by hiring more people.
Much of this empowerment can come from addressing three simple questions: What’s important? What’s dangerous? What’s real? Gartner analysts took the attendees through a series of scenarios to show how these questions can provide clarity, and in each scenario, the intersection of the questions changed a perception and led to action.
Gartner analysts recommended that security leaders start any initiative from an enterprise-wide risk perspective. Historically, risks have been viewed through a narrow lens, typically that of the risk owner. “A few key practices will greatly help you overcome this obstacle,” said Katell Thielmann, research vice president at Gartner. “First, create and support a culture of accountability with well-established risk ownership and responsibilities. Next, build an enterprise-wide risk register that accounts for the top risks across all risk domains. Finally, map risk directly, clearly, and defensibly to business goals and objectives.”
The danger can come from cyber risk, which represents an increasingly critical part of the risk puzzle. This is where integrated risk management (IRM) becomes so important. As an enterprise ecosystem grows, it becomes nearly impossible to understand the interconnectedness of it all. When a problem ripples through an ecosystem, unexpected consequences are likely, but Gartner analysts said overreactions can do more harm than good.
Security leaders need controls that are appropriate for the environment and risk. They need controls that are applicable to more than just a single vendor or technology, and can change as risk and compliance landscapes evolve.