ISACA Now Blog

IT risk leaders: Does 2013 pose triple threats or triple treats?

Posted at 11:37 AM by ISACA News | Category: Risk Management

Cloud, mobile and data—is this a triple threat to privacy or a triple treat for productivity?

Your response to that question likely informs how you plan to build your professional reputation and business value in 2013. And the IT Risk/Reward Barometer, recently released by ISACA, can help you in that mission by providing insights from your colleagues.

Consider this:

  • In each regional survey in the IT Risk/Reward Barometer, respondents claimed that BYOD risk outweighs benefit.
  • Most see more risk than benefit in public clouds.
  • Most do not have a policy that prohibits taking mobile devices with company data across national borders.
  • Most do not track whether geolocation services have created security problems.
  • At one conference I attended, no attendees had checked the privacy policy of popular commercial apps for conformance to their companies’ policies.

In contrast, look at technology market trends:

  • BYOD and broader mobile-device use is growing.
  • Cloud use is growing.
  • Businesses are becoming more international while governments are asserting their right to data, all while industrial espionage is increasingly becoming sport.
  • While still rare, reports of geolocation-app incidents indicate more risks to personal safety and more industrial espionage.
  • Data explosion continues. Data privacy will always have gaps, and those gaps are more likely where users are empowered with business-intelligence tools on portable devices.

To add to this, just over 40 percent of IT Risk/Reward Barometer respondents weren’t aware of their cloud budgets.

When I speak at workshops and conferences, these data points are widely corroborated. Based on those with whom I speak, the best explanation is the serious disconnect between IT and business people. We have trouble communicating. This disconnect is hardly a surprise, as ISACA research has illustrated it and COBIT 5 attempts to build a bridge with business-IT objectives.

So what can we do with this information? I see a number of opportunities for action in 2013:

  • Proactively explain to business leaders the pros and cons of risk-reward combinations to help them get more value from cloud, mobile and data investments.
  • Leverage ISACA volunteers and the guidance they have created.
  • ISACA members can seek help in Knowledge Center communities.
  • ISACA members can get involved with local chapters to plan programs that take advantage of primary resources.

Those professionals who will stand out in the coming year will be the ones who take the time to make a difference.

Brian Barnier
ValueBridge Advisors
Author of The Operational Risk Handbook (Harriman House)

Continue the conversation…engage with your peers in the Risk Management section in ISACA’s Knowledge Center.
