BUSINESS INSIGHTS this data and making informed decisions to mitigate risks is a complex task . It ' s important to note that addressing this resource challenge goes beyond merely allocating physical assets because competing with machines and their data capabilities is increasingly difficult .
To overcome resource limitations , it ' s crucial to ensure that data tells a meaningful story . This means not only analysing the data but also using it to convey different narratives to various audiences within an organisation . Whether it ' s the risk department , finance , executives , Human Resources or others , understanding the key data points and how they can be used to project different scenarios is of paramount importance in addressing resource inequality effectively .
When confronted with resource shortages that might impact security operations , what strategies do you believe are most successful in managing and resolving these issues ?
Privatisation has suddenly become the foremost consideration encompassing more than just IT assets . We ' re not just referring to servers or virtual machines , this pertains to the full spectrum spanning public and private clouds as well as individual laptops and mobile devices . It is important to understand that not all assets are created equal . So , when prioritising , you must assess what is significant and where your data resides . Is it predominantly in the cloud , on-premises or on users ' devices ? Without a comprehensive understanding of the data ' s footprint and exposure , devising an effective strategy is unattainable . Resources must be allocated to address what matters but you must understand your exposure before formulating a strategy .
From your perspective , why is fostering teamwork within an IT department crucial for achieving overarching security objectives ?
In the past , IT risk has often been perceived exclusively as an IT concern . If you use Salesforce , for example , you have a server running a fine-tuned system , but we assume that if you ' re the Chief Technology Officer ( CTO ) of the company , you bear the responsibility for this risk . This is a dangerous presumption . It implies that the owner of IT assets is the same as the owner of IT risks .
When we delve into the fundamentals , the risk owners should not necessarily be in IT . If Salesforce is hosted in the cloud , the responsibility for its appropriate risk management does not fall on IT alone but
Henry Jiang , Chief Information Security Officer at Diligent Corporation
on those who wield it to drive customer engagement and fulfil commercial objectives . In essence , the primary owners of IT risk are usually found within the commercial leadership team . They are the ones who extensively employ the system to facilitate customer interactions and execute commercial duties .
The pivot is to stop thinking that IT risk exclusively belongs to the IT domain . When I assumed the role of Chief Information Security Officer ( CISO ), we initiated an enterprise risk management plan to correctly identify the rightful owners of various risks , be it in HR , finance or the
www . intelligentcxo . com
67