GRC, cybersecurity intersection for curbing cybercrimes menace (2)
Dr. Emmanuel Moore ABOLO is the President, Institute for Governance, Risk Management & Compliance Professionals/GMD, The Risk Management Academy Limited.
April 6, 2020
Identity theft, fraudulent online transfers, payment-card fraud, network assaults, denial-of-service attacks by malicious networks of computers (botnets), ransomware, cyberbullying, trolling and online child pornography are all common forms of cybercrime.
They show that nothing is safe on the internet – apart from criminals, it seems. It is incredibly difficult to protect computers, networks and the internet from vandals, pranksters, criminals, terrorists, rogue governments and government-protected agents because networks are too widely used, too complex, too fragmented and too vulnerable to coding mistakes, ignorance and complacency, and too open to be defended.
It is no exaggeration: any organization can become a victim of cybercrime. Smart organizations are investing more in cybersecurity.
A well-planned GRC strategy supported by a GRC platform brings several benefits in the fight against cybercrime: improved decision making, higher-quality information, increased accountability, increased collaboration, enhanced organizational culture, increased efficiency, increased agility, increased visibility, protected reputation, better resource allocation, reduced costs with optimal investment decisions, reduced fragmentation within the organization and preserved institutional memory.
Cyber Security is one of the main domains of GRC and Chief Information Security Officers [CISOs] are often the biggest champions of GRC Implementations worldwide.
GRC approaches security activities in a mature way and enhances the likelihood of achieving security objectives by aligning processes that support each other in the greater context of the security organization.
GRC also enables a company to foster a security organization that is well-coordinated and integrated. If applied well, GRC forms three basic pillars of organizational control to support an effective Information Security Management System [ISMS].
However, when it comes to cybersecurity, issues arise if it is expected that the same level of security data and log traffic required by security analysts will also properly serve the needs of managers and risk owners.
These issues can become worse if the focus is on compliance with a particular standard at a particular point in time.
GRC cybersecurity within the ISMS is like any other risk: it needs to be proactively managed. This means identifying, understanding and managing that risk more effectively for all stakeholders. If we are to improve our operational attitude, we need to consider GRC cybersecurity tools as enablers.
Where applied to cybersecurity, GRC can deliver significant benefits especially when we consider the challenge of monitoring data creation and movement at speeds and scales that would have been unthinkable just a few years ago.
GRC cybersecurity can bind the information security management system into the organization at all levels, so the relevance of any change in the technological status is known for both its security and business impact.
Business stakeholders need security GRC information and feedback to be translated into a language they can understand and a form that they can act upon. Since cybersecurity is such an important factor in governance, there are many different areas where GRC and cybersecurity intersect.
Data Privacy: This is one of the main drivers in increasing the importance of GRC in cybersecurity. Over the past few years, there have been extensive regulations and new strategies applied all over the world for data privacy.
Risk: The link between cybersecurity and risk should not be ignored. Cybersecurity risks are an important factor in the overall risk exposure of the organization. Any organization that does not have sophisticated data security measures in place will not be able to manage risk.
The New Approach: Organizations need a better approach when it comes to cybersecurity. One solution is to understand the importance of GRC knowledge for people in charge of cybersecurity. Cybersecurity personnel in the financial industry are required to know the legal and regulatory requirements of their organizations, and the same approach needs to extend to other industries as well.
A GRC cybersecurity platform is important for organizations that are only now bringing together cybersecurity and GRC. The platform will make the transition into the new model smoother and will also aid employees.
Cybersecurity GRC makes the whole business process more secure. Antivirus software and firewalls can catch the viruses and attacks that are coming in through vulnerabilities in the IT infrastructure; GRC can eliminate these vulnerabilities completely.