Study Highlights the Benefits of Implementing ERM Practices to Manage Cyber Risks

There has never been a more important time to assess and update your data risk management practices, according to a new executive report jointly released by RIMS (the Risk and Insurance Management Society, Inc.), Identity Theft 911 (IDT911) and USLAW NETWORK.

Source: RIMS | Published on February 7, 2012

“ERM Best Practices in the Cyber World” is a 29-page “how-to” guide designed to help organizations successfully manage data risk through an enterprise risk management (ERM) approach. The report explores the best data risk management practices, concepts and challenges; the advantages and potential pitfalls of data risk assessments; steps to undertake an attorney-directed assessment project; practical solutions for weathering the cyber storm; as well as possible coverage opportunities under existing or newly available insurance policies.

“Data risks may hold unrecognized implications for an organization’s strategy, particularly if delegated to a technology function to manage alone,” said Carol Fox, Director of the Strategic and Enterprise Risk Practice at RIMS. “This report will help executives tap ERM best practices for unifying legal, security, data management and protection, information security, privacy, compliance and audit functions that are needed for a comprehensive data risk approach, while protecting risk assessment report findings.”

“The volume and value of sensitive data has never been higher and the sophistication of those who want to steal it continues to increase in lockstep with the newest technological innovations,” said David A. Speciale, J.D., CITRMS, Director of Business Acquisition at IDT911. “All the while, the potential cost of a data breach grows ever more catastrophic in terms of financial, legal, and reputational damage. Failure to act is not an option.”

Richard Magrath, Global Director, USLAW NETWORK, said, “While a focused data risk assessment helps an organization’s management fulfill its fiduciary duty of care, the assessment itself can involve risk. The written reports generated at the culmination of such a risk assessment, whether conducted internally or by an external party, may provide a roadmap for an adversary, an advantage for a competitor or be produced as evidence of negligence or willful disregard in a tort action. It is important for organizations to protect such reports from unwanted discovery, so they can be used constructively within the organization with fewer misgivings about potential misuse.”