GC Should Lead Security Management and Risk
Executive Summary of an article written by
Thomas Yohannan, Aon Cyber Solutions; Paul Lanois, Fieldfisher; and Brett Williams
General Counsel are leaders in enterprise risk management and should therefore have a central role in the company’s information security methodology. The GC is broadly aware of an organization’s risks and objectives, maintains a good understanding of its clients and its internal stakeholders, has a normative legal framework and a sense of how to provide risk mitigation.
A Chief Information Security Officer’s value may only be fully realized when a cyber incident occurs. The CISO can become a crucial driver of not only digital transformation but also risk management, as effective information security practices are vital both in preventing a successful incident and responding to one. Legal professionals understand risk management and its related urgency. Not being aware of statutory requirements can prove costly to companies, not to mention the harm to reputation that may follow. This, again, is a clear argument for promoting GC/CISO alignment.
Successfully meeting risk mitigation obligations is a cooperative effort. A partnership must exist across the enterprise between the GC, IT, and security organizations to establish the proper controls and enlist executives to meet these obligations.
Given the continually changing skills required in each of those domain areas, the GC is in a position to lead this collaborative effort. Reporting to the GC may provide the foundation for what CISOs should be focusing on next: moving beyond the security silo to play a central role in overall business leadership.
Read the full article at: Today's General Counsel