
Why We Need a Holistic Risk-Based Approach to Cybersecurity

FAIR Institute’s Nick Sanna on the Benefits of a Risk-Based Approach to Cybersecurity
Nick Sanna, President, FAIR Institute

Cybersecurity organizations constantly monitor systems for signs of a breach and patch vulnerabilities, but the real focus should be on enterprise risk. Nick Sanna, president of the FAIR Institute, makes the case for implementing a risk-based approach to cybersecurity.


In this interview with ISMG at the inaugural London summit of the FAIR Institute, Sanna advised organizations to follow the core principles of cyber risk oversight:

  • Cybersecurity is not a technology problem; it is a strategic risk problem;
  • Boards need to understand their risk responsibilities, which go beyond compliance with regulations;
  • Boards need access to adequate expertise where digital risk is core to the business;
  • Management needs to provide a cybersecurity framework, covering both the technical and the management side, that makes clear who does what and the structure behind the operations;
  • Management must assess and report risk; the board oversees that risk rather than assessing it;
  • Boards should encourage systemic resilience and collaboration.

Sanna, who is also CEO of RiskLens and a board member of ISA, is a serial high-tech entrepreneur who helps large organizations close the gap that separates IT from the business. His current focus is on helping translate cybersecurity risk into a common financial language that everyone can understand, so that cyber risk can be proactively managed from the business perspective.

About the Author

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter who has worked exclusively in cybersecurity for the past decade, at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms and broadband, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.