New offering aims to help clients make good on risk plans and strategies
Organizations are generally good at doing risk assessments and understanding their security needs, but many fail to follow through with their plans for lack of resources or skills related to implementing the controls necessary to meet their goals. To address that disconnect, Optiv Security this week announced a new Risk Transformation Service that takes clients from assessment and gap analysis to security strategy execution.
The Lowdown: The Risk Transformation Service adds to Optiv’s lineup of cybersecurity risk offerings, which are focused on addressing and resolving the pervasive need for risk governance, the speed of change around security and risk management issues, and the need to communicate security posture and maturity to stakeholders.
The Details: The new Optiv service comes in two flavors:
• Enterprise Risk Transformation Service: Helps clients execute on risk strategies based on business objectives, assessment results, and a list of goals for the future state of the organization. The enterprise service includes program management, quality assurance, and oversight of a transformation or remediation initiative.
• Quickstart Risk Transformation Service: Enables midsize organizations to get started with a risk-centric model for cybersecurity, then helps them with their first steps to execute on their road map.
The Buzz: “Organizations today are adopting new risk and compliance principles to achieve business resilience,” said Dustin Owens, vice president of Optiv’s risk advisory practice. “As IT risk management evolves to more holistic operational risk management, it is being integrated into the fabric of organizations. This means that security teams are now a critical component to the overall business risk strategy.
“As a result, adaptive, risk-based decision-making is becoming core to business agility and resilience, taking over from the antiquated check-the-box, compliance-based approach of the past,” Owens said. “It’s high time for companies to embrace the risk revolution. They need to take a stance against the outside-in approach – which is predicated on continuously responding to legislative and regulatory requirements, specific threats, and other outside factors – and rewrite how they manage cybersecurity by proactively addressing all aspects of cybersecurity risk, including privacy and governance, cyber resilience, and risk optimization.”