#GartnerSec: Three Key Questions to Ride Risk Management to Success

With security professionals overwhelmed, they need to be able to achieve successful results by asking three key questions: what’s important, what’s real and what’s dangerous.

Delivering the opening keynote at the Gartner Security Summit, research directors Patrick Hevesi and Steve Riley, and principal research analyst Sam Olyaei, said that security is “no longer the same” as components have turned cybersecurity into a “viable public opinion issue.”

Riley argued that professionals are “overwhelmed” by a shortage of risk management expertise, as it often “takes a backseat” to what needs to be done first and disputes over priorities, “and we want to empower you with resources for the greatest impact to empower you to adapt processes, people and technologies,” to be empowered to prioritize, adapt, transform and scale.

Riley said: “The key to empowerment is finding and shaping outcomes, and empowering the users and organizations who depend on you.”

Looking at the three questions, Olyaei encouraged the audience to factor them “for better collaboration, and to consider the customer impact of security controls.”

He added: “Effective communications make risk management real, and Gartner research shows a cultural disconnect between security and the rest of the business. It becomes too easy for significant miscommunication to happen.

“Understand and learn how business departments work, and build message plans tailored to these audiences, so it can align to their goals.”

The analysts gave further examples of “urgent crisis for threat” in the Spectre/Meltdown bugs from January, and “technology transformation” in use of the cloud and hosted email services. 

Speaking on cloud, Hevesi said that moving to the cloud requires controls “which are appropriate for the environment you are protecting and any transformation you undergo,” and he said any controls should be adaptive to the technology “as the compliance landscapes evolve.”

Riley concluded by saying that applying the three questions can help you move from overwhelmed to successful, while Hevesi said that each scenario “shows a level of clarity and inspires an action,” and the analysts encouraged the audience to apply the risk strategy to future scenarios and the three questions. 

“They are equally powerful whether you are facing an individual, organizational or global scenario,” Hevesi said.

What’s Hot on Infosecurity Magazine?