
How to meet the GRC challenge

T.C. Seow | July 23, 2012
Managing risks takes more than just locking down sensitive information. Here's why.

No thanks to the slowing economy and the Euro crisis, organisations all over are now on heightened alert about governance, risk and compliance (or GRC) -- key aspects of how businesses are managed and operated to ensure information security. Increasingly, technology has been called into play, providing timely updates on what needs to be done to help keep things under control, and to avert internal surprises or, worse, anything that might run afoul of the law.

Caroline Wong, Symantec

CIOs already face limited resources and budgets to keep the lights on, so to speak, not to mention the myriad problems that they might encounter just to ensure things move according to plan. Security matters everywhere, yet CIOs often lack the ability to translate technical issues into business sense at the executive table.

In the Know
A recent study of the governance of IT projects in the Asia Pacific has revealed that enterprises tend to end projects prematurely for a variety of reasons. The survey, conducted by ISACA, a non-profit organisation of more than 100,000 IT governance professionals in 180 countries, revealed that 20 percent of organisations in the region have ended or cancelled an IT-related project before it was fully implemented.

Respondents to the ISACA 2012 Governance of Enterprise IT (GEIT) Survey cited various reasons for the cancellations. Thirty-six percent said a change of business needs was the reason, while 27 percent were of the opinion that the projects did not deliver as promised. IT staffing shortage was the reason cited by 45 percent of respondents. Another 41 percent complained of project overrun, while 38 percent noted the high cost of the IT project with no clear return on investment.

The survey involved more than 700 business and IT professionals in the AP region. Sixty-eight percent of the respondents come from organisations with more than 1,000 employees.

This trend and the reasons cited were a concern for ISACA, which sees IT projects as investments. "When IT investment is projected to rise, yet one in five organisations has the experience of halting an IT project in the past year, it is clear that there is a need for more effective enterprise IT governance," said Simon Chan, president, ISACA China Hong Kong Chapter. "Organisations need to protect their IT investments and this is one of the key values governance and management of enterprise IT can offer."

Clearly, organisations will need to develop an effective IT governance process that can address short- and long-term benefits while managing IT risks and increasing competitiveness.

And then there is the risk of data loss. Technologies such as cloud computing, as well as the increased use of e-mail, allow information to flow seamlessly in and out of corporate networks. In a whitepaper published by ISC2, Rob Ayoub, CISSP, global program director of network security at market research firm Frost & Sullivan, said: "The challenge is providing security for all of these interactions, particularly when it's not in the company's network anymore." When employees take their laptops or smartphones home or on the road, "the security protection offered at the office doesn't go with them," he added.

 
