In particular, they extend themselves well beyond the initial risk assessment that enterprises use to simply compile and rank information security risks. After conducting a risk assessment, these leaders connect the risk management program to the strategic business unit planning process. In fact, the boardroom initiates this leadership and presses it upon everyone in the company starting with the C-suite.
"They include it in active discussions and tie it to forecasting for every business process they run," says Schwartz; "it's all by design and very transparent and obvious."
Supporting the business
Risk never dies. That doesn't mean you have to merely transfer it when you can translate it into profits. "Suffering negative impacts from risk is not inevitable. By integrating risk management into the business lifecycle and developing an effective strategy, the enterprise can achieve an enormous competitive advantage," says Schwartz.
Sign up for CIO Asia eNewsletters.