This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."
Download it now to read this article plus other related content.
convergence and information sharing
Operational risk is naturally present in all business activities and incorporates a broad range of risks, including reputation, legal and regulatory risk; business disruption and system failures; information security and privacy; employment practices and workplace safety; processing errors; theft and fraud; and damage to physical assets. An organization's ability to drive an effective and practical operational risk management program with corporate-wide governance practices, values and integration sets the foundation for managing these risks effectively. This foundation can be further fortified if we are willing to advance opportunities to converge security and operational risk management disciplines and to share information--resulting in more efficient and effective business services.
Break down internal silos among executive business leadership, risk management, facilities, physical security, business continuity management, fraud, information security, privacy, IT, human resources, compliance, etc., and work together to seek opportunities for operations excellence.
Information sharing also means actively participating in external information sharing
with peer companies. One such example is the Financial Services Information Sharing and Analysis
Center (FS-ISAC), founded under presidential directives and embodying a public-private information
sharing partnership. Forums like FS-ISAC create a virtual fusion center where ideas, threats and
intelligence can be gathered, analyzed and communicated efficiently.
By sharing, issues are identified early in order to contain and resolve risk, impact and exposure to participating organizations. More importantly, it provides a platform to team up against terrorism and other threats that impact our industry and day-to-day lives. By participating in initiatives like the FS-ISAC, we are not alone.
Ultimately, I believe that breaking down the barriers to convergence and information sharing is a broader responsibility we all share--and only by working together can we protect the future of this country's critical financial services infrastructure.
This was first published in October 2008