Information Risk Management's Biggest Challenge

Helping Enterprises Achieve Their Critical Missions

The biggest challenge in getting organizations to successfully implement an information risk management program is winning buy-in from the organization's senior-most, non-technology leaders, NIST Senior Fellow Ron Ross says.


That's because all organizations are highly dependent on information systems to achieve their goals, says Ross, who leads the National Institute of Standards and Technology's information risk management efforts.

[Also watch the video Ron Ross on Revised Security Controls.]

"When the senior leaders understand that connection, then they're willing to go forward and do what it takes to help protect their information assets," Ross says. "If that connection is not made, then it's very difficult for the folks downstream to do the right thing."

Once senior leaders commit to an information risk management process, the organization identifies its most critical missions and determines the processes needed to achieve them. Then, they develop the appropriate enterprise architecture to operate and carry out their missions. "It's a complicated process, but it's also structured and disciplined," Ross says. "Getting that top level support is the first step to making everything else happen."

In the interview, conducted at the recent RSA Conference 2012, Ross:

  • Clarifies the difference between information risk management and information security.
  • Discusses synergies between information risk management and other types of risk management.
  • Explains how information risk management can help organizations that face budget constraints.

Ross leads NIST's Federal Information Security Management Act compliance team. A graduate of the United States Military Academy at West Point, Ross served in a variety of leadership and technical positions during his 20-year career in the Army. During his military career, Ross served as a White House aide and as a senior technical advisor to the Department of the Army. He is a graduate of the Program Management School at the Defense Systems Management College and holds a master's degree and a Ph.D. in computer science from the United States Naval Postgraduate School.


About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
