10 Information Risk Imperatives for 2010

The 2010 information risk landscape will be defined by continued uncertainty in the broader business environment and the ongoing evolution of enterprise boundaries. Organizations that effectively manage the downside risks to information in this environment will be well positioned to take advantage of the new opportunities that such an environment brings.

IREC has just published our 10 imperatives for 2010 that CISOs should consider in advance of the new year.  In particular, CISOs should be prepared for structural changes on four fronts:

  1. IT Architecture – More widespread adoption of cloud computing technologies will mean that IT infrastructure and data increasingly reside outside of traditional enterprise boundaries, beyond the direct control of the IT and Information Risk teams.
  2. IT Innovation – The ease of adoption associated with social media technologies, Windows 7 (which most organizations will be using by 2011), and other user-developed application platforms means that business users, not IT, will be driving some of the most visible and potentially risky changes in IT.
  3. Risk Ownership – New regulations on the horizon and a board-level focus on cross-functional partnerships dedicated to risk management mean CISOs will be called upon to share risk ownership with an increasing number of partners.
  4. Geographic Diversification – With limited growth forecast for OECD economies in 2010, many enterprises will be shifting emphasis into higher-growth but less familiar emerging markets, potentially requiring additional risk assessment and bespoke mitigation solutions.

After the jump, I’ve included the full list.  If your company’s not a member of the Council but you’re interested in more details, shoot me an e-mail at gyoung (at) executiveboard (dot) com.

What trends did we leave out?  What trends are most important to you?

IREC’s Ten Imperatives for 2010

1: Don’t Count on Security Budget Growth in 2010
2: Focus on Employee Carelessness as the Number One Threat for Enterprises
3: Prepare for a Lot More Shared Responsibility
4: Prepare for Global Expansion, but Be Flexible
5: Ignore Social Media at Your Peril
6: Expect Greater Involvement in Regulatory Compliance
7: Leverage ISO to Reduce Assurance-Related Costs
8: Beware of User-Developed Applications
9: Expect Windows 7 Adoption to Trigger Desktop Re-Architecture Decisions
10: Be Ready for Cloud Computing Adoption
