5 IT Governance Factors to Keep Top of Mind
When it comes to IT governance and managing risk, IT departments should keep a few factors top of mind.
22 April 2014
It’s safe to say that every organization knows that it’s important to have security in place when it comes to their IT governance framework. Whether you’re an accountant on a team of one, a non-profit agency or a large bank, you are likely holding data that’s sensitive and could compromise your clients, and in turn, your company.
But do you really have the framework in place to mitigate the risks organizations run every single day when it comes to keeping data safe? Simple habits like locking your computer when you leave your desk and erasing a conference room white board, are easy. Some companies have reminders and training for employees around things like this. But that’s only one small part.
When it comes to governance and managing risk, IT departments should keep a few factors top of mind:
- Define responsibility - Structure policies to ensure decisions are made to help the organization achieve an acceptable level of risk.
- Trust your CISO - CISOs should be trusted to make calls about major security vulnerabilities and implementation priorities. Trust that who you hire can handle these decisions about how to best protect your company.
- Have a crisis team in place – Cyber-security needs to operate like a crisis team. Have a plan and team in place in case there is a breach. Know who to call BEFORE something happens.
- Define company policies - Well defined policies can be critical to managing an organization’s risk. Policies should be treated as living documents, and updated as often as necessary. Train staff regularly to make sure they understand and are compliant.
- Build the right framework - Perhaps one of the most important factors, is ensuring that your IT security framework stands up to the risks your organization may face. Consumer-grade systems likely aren’t appropriate for a company. Look for SaaS that mitigates risk, complies with regulatory issues in your industry and is easy enough to use that your employees won’t start looking elsewhere.
The bottom line is that no one is perfect, but by paying attention to the framework you have in place and setting it up properly, you are a lot more likely to avoid the headaches of the likes of folks like Target…
Esther is a senior corporate communications manager at Intralinks. She provides content for internal and external communications activity as well as general corporate positioning in order to support overall company objectives. Esther has been creating communications materials for a variety of organizations and companies for more than 10 years. She graduated from Rutgers University with a degree in English Literature.