Vishwanath Nair, Head of Information Security and Risk, Western Sydney Local Health District
WHY:
Currently, the medical industry is facing a major issue where there are more specialists than general practitioners by a ratio of nearly 2:1.
Below are some impacts due to this issue:
• Absence of strong relationships, leading to a lack of: a strong doctor-patient relationship; comprehensive and continuous care; better management of chronic conditions; promotion of a healthy lifestyle
• Medical care becomes more extrinsic, tactical and less effective
• Imbalance often devalues the work of family doctors
This leads to more temporary and impersonal medical care, which cannot sustain a patient and reduces trust in the services in the long term.
Likening this to a corporate environment, a business leader could be viewed as the patient. Like the patient, a business leader receives multiple inputs from experts, including IT Service Management, Cyber Security, Operational and Financial Risk teams. These are in addition to the Demand and Account management functions.
Enterprise Security itself opens multiple lines of discussion, such as Cyber risks, Audit findings, Cyber Security Technology Debt and Resilience. Each of them represents a key aspect of the protective and preventative measures essential for effective business operations. They are also sources of a huge number of data points and potential points of failure.
This incoherent communication and management leads to potential financial, operational and reputational impacts caused by:
• Misdirected or Failed Strategies
• Loss of Trust across the Organisation
• Lack of Standardization
• Loss of key resources
The needs of the business are truly simple.
• Timely advice on:
1. Applicability of, and compliance with, relevant Operational Policies and Regulations
2. Assurance and partnership as new business strategies are launched
3. Assurance and partnership as Mergers and Acquisitions proceed
• Single window of risks, with associated impact in simple business terms and outcomes
• Timely transactional analysis to identify dependencies, critical paths and alternate paths
• Clear, precise and unambiguous business reporting, with suggestions on mitigating risks and information to support prioritisation
• Early warning signals that provide situational awareness and guide planning
WHAT:
To ensure the success and effective performance of Enterprise Security and Governance, a major change of approach is required. A new function of Trusted Advisors needs to be created for this changed approach. These Trusted Advisors could be the bridge between Enterprise Security management and business units.
Key capabilities required for this role are:
• Ability to steer risk-based decision making by complementing technical risks with business impacts
• Be able to provide inputs in risk vs. opportunity discussions
• Have an optimum mix of both technical and business knowledge to be able to provide sound recommendations
• Function as an insulating layer between various Enterprise Security and Governance units and the business operations
• Program manage process and technology improvement initiatives to meet quality and budgetary requirements
The value of a Trusted Advisor can be explained by the following example.
Consider the scenario where one of your business units plans a Digital Transformation of its key processes. The Security Trusted Advisor can enable this outcome in the various stages of the program as below.
Phase | Outcome delivered | Security Value add
Strategy Conception and Formulation | |
Strategic Planning | |
Resource Allocation | |
Strategy Implementation | |
Strategy Review and Ongoing Operations | |
HOW:
A Trusted Advisory function can be implemented in one of three ways, or a combination of them.
Options | Benefits | Drawbacks
Groom a Champion from within each business unit | |
Trusted Advisor from IT | |
Obtain the skills from the market | |
Each organisation and its dynamics are unique, and each must adopt the most feasible approach for its own setup.
CONCLUSION:
In this fast-moving world of agility and close business-IT partnerships, there is a greater need for a collaborative approach to solving business problems and risks. Establishing a Trusted Advisory function helps deliver the benefits below:
• Business Aware Decision Making
• Effective Detection Controls
• Automatic Compliance
• Resource Optimization
• Continuous Improvements