Moving from Compliance to Risk-Based Security: CISOs Reveal Practical Tips

CISOs Checklist: Effective Communication & Influence

The emergence of strict compliance requirements helped bring much-needed attention to IT security programs, but those requirements often aren’t aligned with business goals. A risk-based approach helps ensure continued compliance while delivering more optimal security controls in the areas that matter most to the business.

CISOs are at the forefront of helping companies make this important shift, and are learning firsthand what it takes to be successful.

In this report, you’ll find practitioner tips and advice on topics such as:

  • Compliance becomes just one factor in the risk profile. The regulations are still there, but everyone needs to start thinking in terms of acceptable risk levels versus a compliance checklist.
  • Tolerance for risk changes over time. Frequent conversations about what department heads and senior management are comfortable with promote awareness across all lines of business.
  • Making risk management work. As organizations move to a risk-based approach, they can explore assessment platforms, work to create risk profiles and partner with third-party providers to perform risk assessments.

Member Quote from the Report:

“If you have executive support, risk management can work, but it’s not something that you’re going to be able to just flip a switch and have it start working. There are a lot of conversations that need to occur, and people need to agree on baselines, scoring and a lot of other elements.”
—Wisegate CISO member

Who is Wisegate?

Wisegate is a peer-based research community for senior IT professionals, with first-hand insights and actionable knowledge from the best source available—the collective wisdom of IT leaders from across the industry.

Through live discussions, online Q&A and polls, and shared tools and templates, Wisegate offers a practical and unbiased information source built on the real-world experience of veteran IT professionals. See if you qualify for membership today.