Risk Management: Why Perspective is Essential
Posted on Friday, October 28th, 2016 by

Everybody deals with risk management. Including you! Here is what I learned.

Performing Your Own Risk Assessment

We recently relocated to the Canadian West Coast for work, to enjoy the lifestyle living by the ocean brings and to focus on new challenges for Hitachi Systems Security. We heard lots of concerns from family, though, on the risks we’d face. The price of housing would put owning beyond our reach and the cost of living would be so high that it’d be impractical to live at our current lifestyle.

Before we moved, we did our own ‘family-based’ risk assessment. We reviewed the cost of groceries, gas, and car insurance. We looked at affordable options for housing, and how easy it would be to get around our newly chosen home on public transit.

In my career, I’ve had to do a similar exercise as I moved from one project to another, and from one organization to another. The risks I thought I would face during a project may or may not have materialized, but that didn’t mean I should automatically bring the perception of those risks to my next assignment.

 

Dealing with New Types of Risks

In many ways, working on a variety of projects, initiatives, programs and careers offers security professionals the opportunity to broaden our risk horizons. New projects and initiatives bring new types of risks, ones we may not have considered in previous engagements. One of the appeals of our industry is the chance to move vertically within our current organization as well as horizontally either within our company, or in completely different industry segments.

Risk management and the principles of assessing risks to our organizations must remain a constant in our profession. I find myself constantly revisiting the ISO 31000 principles and guidelines now that I’m consulting again and I find new interpretations of this valuable document on a regular basis. I’ve immersed myself (once again) into the books on my Information Security bookshelf, focusing on relevant controls and processes that I’ve used in past lives, but now need to adjust for a new group of clients.

Part of this internal review is becoming familiar with the context of risk facing organizations and becoming more aware of how the organization operates, its business ethics, and the drivers motivating the organization. You cannot do this from an armchair, nor can you simply rely on news and the media to provide this context. You have to ‘move’ into that environment, albeit for a short time, to truly understand the business your client (or organization) operates within.

 

Identifying Risks in Hindsight

This brings me back to the warnings we received from some of our family and friends about our pending move. We were told we’d hate the weather, it would rain all the time, and we’d never see sunshine.

Well, we’ve had a chance to ‘live in the context’ of our new environment and have reduced our exposure to these perceived risks. We’ve assessed our standard of living, and we can state it is about the same as we are used to. The weather has about the same amount of rain as where we came from and we’re looking forward to a winter that won’t include -40 Celsius and centimeters of snow. And we’re still able to eat some lovely, locally farmed vegetables and fruits while enjoying some amazing regional wine as well.

Security professionals sometimes bring past ‘risk baggage’ with them to their next assignment or organization. We can’t always leave these preconceived notions behind, but we must make sure to temper our perceptions of risk at our new assignment based on sound risk management principles. We can’t go wrong if we go back to read the books on our Information Security bookshelf every now and then.

Tim McCreight
About author:
Tim McCreight is the Director of Strategic Alliances for Hitachi Systems Security. Prior to joining Hitachi Systems Security, Tim acquired over 30 years in the security industry with leadership experience in both the physical and information security realms. He held executive positions at a number of organizations, notably as the Chief Information Security Officer (CISO) for the Government of Alberta and as Director, Enterprise Information Security for Suncor Energy Services Inc. Tim has presented as a keynote speaker at conferences across North America on such diverse topics as enterprise risk management, converged security, and implementing enterprise information security programs. Tim was awarded his Master of Science in Security and Risk Management (with Merit) from the University of Leicester and attained his CISSP, CPP, and CISA security designations. Tim was interviewed by Canadian Security Magazine in 2011 for his work as CISO with the Government of Alberta, and is a regular columnist for the magazine. Tim is also the international Chair for the Information Technology Security Council with ASIS International.
