Why is “The Language of Risk” so important right now? What are the drivers for Business and Security to speak the same language? The answer is change: massive, fundamental change in both camps.
Technology has moved to center stage as a partner in business enablement, and has brought along its associated risks. IT and IT Security see massive changes daily in the very nature of the capabilities and services they provide. Transformative changes and their resulting risks and benefits impact the business enterprise overall.
What changes? EVERYTHING. This is a paradigm shift far greater than that of changing from mainframes and terminals to desktop computing. Potential anarchy lurks, and security risks change hourly. IT Security can no longer manage risk in a vacuum. The risks to IT Security are the risks to the enterprise, period.
It is imperative now for the Language of Risk to be a common element between Business and IT Security. Each of these transformative changes in IT brings the potential for competitive advantage, cost savings and economies of scale. The security risks bring potential for financial ruin, loss of reputation and regulatory fines. Technology evolves, but it is past time for IT Security and Business to define what is essential: the security and availability of the resources required to do business.
We need a common lexicon. We need “The Language of Risk.” Let’s talk.
Here is the opening set of slides from the (ISC)² 2010 Security Leadership Series on Competitive Compliance, which outlines how thinking like the business leads to improved communication between parties on risk.