
Why Digital Risk Officers are necessary for digital transformation

Adrian M. Reodique | May 2, 2017
Frank Vibar, Head for IT Infrastructure, Information Security and Business Continuity of Jollibee Foods Corporation, explains the role and responsibility of this new security role to the delegates of the Computerworld Philippines Security Summit 2017.


The evolving and growing complexity of cybersecurity in the digital transformation (DX) era is driving the need for a Digital Risk Officer (DRO) in organisations, said Frank Vibar, Head for IT Infrastructure, Information Security and Business Continuity of Jollibee Foods Corporation. He was speaking at the Computerworld Philippines Security Summit in Manila last Tuesday (25 April 2017).

Vibar explained that DROs should focus on understanding the impact of security on the business, communicating it to top management, and helping them understand the importance of investing in security.

As such, besides knowledge of the business, Vibar noted that a DRO must also have a "background in security because he/she needs to champion security within the whole organisation. When we say security, it is not just physical security or just IT security, but the whole security including risk, and privacy."

He added that DROs will manage Chief Information Security Officers (CISOs) and other security and risk management roles covering physical security, business continuity, audit, and privacy.

 

Developing a security strategy for digital transformation

In his presentation, Vibar also advised businesses to create a compelling vision of trust and resilience goals when developing a security and risk strategy for their digital transformation.

In addition, they must expand the traditional objectives of confidentiality, integrity, and individuality to include safety. "Digital attacks with physical impacts are no longer a novelty... IT security must also now deal with safety risks," noted Vibar.

He added that businesses must embrace the six key principles of resilience, which will guide them in strategising and making decisions daily. These include: protecting business outcomes, empowering users, being able to detect and respond to security threats, addressing the needs of the people, controlling data, and doing risk-based compliance.

Lastly, Vibar said the strategy must involve developing and maintaining an adaptive, context-aware security architecture that will allow organisations to effectively respond to continuous changes in the business, technology, and security.
