To clarify the title of this article, the terms “risk management” and “information security” need to be seen under the umbrella of the financial impact each has on the overall company: collectively, because one has a significant impact on the other, and separately, because each has its own impact on the company in the event of a negative data event such as a Distributed Denial of Service (DDoS) attack. While each can respond separately to an incident, collaboratively their response will improve business performance.

Data Security

No business large or small is immune from the possibility of a data breach or a DDoS attack. Foreign countries, competitors or individual profiteers have their own motives for accessing corporate and customer information. This makes information security a high priority for every company and assessment of the damage in the event of compromised information a priority for risk management. Coordination of, and cooperation between, these individual departments is essential to get the company up and running normally as soon as possible.

Risk Management

While risk management sounds like an assessment of a company’s financial position to insure it against financial loss, it is more than that. The processes and procedures to invoke in the event of a negative company event are also in the purview of risk management. While in the past risk management conducted its affairs separately from IT, the recent outbreaks of data breaches have had companies looking at a more coordinated effort to limit the effects of a data breach with respect to business continuity.

Business Continuity

This is the key added term that improves both business performance and continuity in good times or bad. By coordinating the efforts of both mission-critical departments, the focus goes beyond an in-house data breach or financial loss and extends out to the web and ecommerce. Since the Internet connects a number of external businesses such as banks and suppliers through a company’s ecommerce site, being able to continue business in the event of a negative event is essential. A company’s financial transactions often flow through the Internet, and its day-to-day business activities are more exposed because of these connections. The continued analysis of threats and data security improves business performance and continuity.

The reason for this is that the interconnection between the information and financial sections of the company can ensure that the maximum level of data security is achieved. In the event of an unexpected negative incident, procedures can be immediately executed to minimize any potential damage to the company’s data or sales. It is during the time of the initial discovery that both systems are at their highest level of risk of being compromised. Linking risk management and information security guarantees a quick and effective response without the need for conference calls or meetings that consume valuable time.

Business performance is improved not only by guaranteed business continuity, but also by the regular evaluation of business practices that are central to the day-to-day operations of any business. Such an approach demands a proactive response before a disaster strikes. Instead of looking at a disaster in hindsight and working to prevent the event from recurring, companies should improve their business operations in the here and now. Responses will then be planned and valuable time will be saved.