Gartner Security and Risk Management Conference, June 2016

June 22, 2016 by
Filed under: Governance, Risk and Compliance, IT GRC, Information Security

Last week BWise attended the Gartner Security and Risk Management Summit with 3,000 Information Security attendees from around the globe. The 4-day event opened with a keynote session by Felix Gaehtgens, Peter Firstbrook, and Jeffrey Wheatman from Gartner, highlighting a bold vision for today’s digital business environment, in contrast to the previous years’ primary focus on protection and prevention.


Making Information Security Resilient

The keynote theme focused on making information security resilient. It stressed the importance of viewing security threats in a business context and clearly tying the threats to the harmful exposures that InfoSec professionals aim to protect the company against. Instead of saying ‘no’ to new digital business initiatives, and/or explaining the security limitations, the speakers recommended presenting the business choices to management, while balancing between acceptable risk (risk appetite) and business performance goals. From our perspective, it was encouraging to hear others speaking ‘our language’, knowing the solutions we provide are specifically designed to meet exactly that: both the business and risk team’s needs.


Risks are strategic; security threats are tactical

With any new digital business initiative, risk factors can include reputation, profit variability, liability, and compliance. The consequences of these risks could be:

  • Brand damage
  • High recovery costs
  • Being held liable
  • Regulator-imposed fines, ceased expansion opportunities, or more serious measures

These risks and consequences are the topics that management needs to understand more clearly. Clear communication and transparency about the information security implications of these risks should be the foundation for the advice the InfoSec team provides when evaluating the efficacy of new business plans and activities to achieve strategic goals.

This doesn’t mean that companies should stop their technological advances and efficiencies. As Gartner stated, it’s impossible to be 100% secure, as that would mean ceasing or limiting new digital business initiatives. Ultimately, management can decide to accept certain risks, and if bad things happen, it’s all about how to detect and respond to them.

So when the InfoSec teams collaborate with the business on possible courses of action, they should not only talk about the threats, but make sure their story relates to the key risks and the measures toward resilience.

No Single Version of the Truth

I really like this vision as it is a perfect match with our new BWise InfoSec Solution. Our solution is designed to address the overlap in functionality within the security technology landscape, with no “one single version of the truth.” It provides the connection to the business relevance of IT systems. Our system sits on top of all existing Information Security platforms, policies, procedures, and regulations. It includes predefined user level functionality, regulatory reporting, board reporting, audit reporting, and stress testing functions for Information Security across the enterprise. The Nasdaq BWise platform streamlines reporting from all systems and gets the right information to the right people, at the right time, reducing overhead spend and overall InfoSec budgets. By implementing BWise InfoSec, organizations are no longer dependent on highly technical individuals to translate system output and simplify the information for non-InfoSec executives. As a result of these efficiencies, they’re able to make critical decisions in nearly real time.


Tags: GRC, IT GRC, Information Security
