Tue, May 28, 2019

Shay Colson Covers the Difficult Role of Risk Managers in Infosecurity Magazine

Shay Colson, a director in our CyberClarity360 team, discussed the growing trend of risk management being covered by sophisticated dashboards that aim to become a single source of truth for their organizations. Shay’s article was published in Infosecurity Magazine; a short excerpt is provided below, along with a link to the original article:

Let's get this out of the way up front: I don't hate dashboards. I understand that practitioners need some sort of asset to help us translate what we're seeing on the ground to something that can be consumed by the board or the C-suite.

I also greatly appreciate the power of data visualization – there may not be a better way to help discover additional insights and track progress, but progress doesn't happen through, or even because of, the dashboard. Indeed, dashboards only reflect progress earned through hard work and difficult conversations.

It's time we recognize and acknowledge where the hard work of cyber risk management really takes place: in the grey areas, in challenging conversations and in those times when assumptions differ from reality.

A common narrative which echoes throughout the halls of conferences or on webinars goes something like this: "We just need additional visibility!" or "If only we had a single pane of glass..." or "All of our data is so siloed, we just need to get it all in one place."

While these may all be worthy goals and necessary parts of the risk management lifecycle, achieving these things alone will not improve your risk posture. They can also end up being very distracting – making your team feel like they’re working towards something, when really these projects end up more effectively making you look busy without moving the needle on managing any risks. Instead of starting with potentially distracting efforts like dashboards, here are several common conversations that practitioners should be having with their stakeholders.

The full article is available on Infosecurity-magazine.com.