This blog post is an excerpt from our new ebook, Enterprise Risk Management in Today’s Digital World, download the ebook to learn about the need for and steps toward effective enterprise risk management (ERM) in government here.
Today, the need for risk management in government has grown along with agencies’ digital footprints. That’s because the more complex the environment, the more vulnerable it may become.
To securely and efficiently operate in today’s digital environment, agencies need robust security tools and practices that enable seamless government services. They need greater collaboration between the teams that focus on risk management, security and how the network supports critical business operations. To make this a reality, agencies need a unified approach to managing digital risks. To learn more about digital risk management, GovLoop sat down with Robert Carey, Vice President and General Manager of Global Public Sector Solutions, and Dan Carayiannis, Public Sector Director at RSA Security.
“Digital risk management is really the understanding of the mission or the business as it maps to the network, and the technologies that are within the network,” Carey explained. “It’s understanding the exposure of risk as organizations embrace new technologies, whether it’s mobile, cloud computing, AI or more.”
The need for digital risk management has accelerated as government expands its IT infrastructures and technology footprints, Carayiannis added.
“This concept of moving from more of a traditional IT infrastructure, to one where they’re embracing more of the new digital technologies, the shift to new technologies can oftentimes present unexpected risks,” Carayiannis said. “For agencies that are trying to leverage new technologies and capabilities, but not really thinking about the possible downstream risks that they might bring upon themselves, they could be opening themselves to a plethora of negative consequences.”
An added dimension of risk that government organizations need to consider and address is third-party risk. Departments and agencies are increasingly leveraging third parties to support mission and business operations. In many cases these organizations provide added capabilities and expertise often times at a reduced cost. At the same time, government organizations need to respect the fact that these third and even fourth party organizations are now part of their “extended risk ecosystem” and as such need to be managed, controlled and inspected accordingly.
So what can agencies do? They need to implement a solution that empowers organizations of all sizes to manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer Suite, organizations can quickly implement risk management processes based on industry standards and best practices — leading to improved risk management maturity, more informed decision-making and enhanced business performance.
“Archer provides visibility or command and control of what’s going on in the network,” Carey said. “That allows agencies to manage what’s going on in detail to the network, still leverage new technologies to meet mission, and keep their infrastructures safe as they move into the future.”