For those of us working in the information risk management space, times are challenging. For the last 12 to 14 months, the focus was on how we can get more out of our information assets while controlling risk management costs. Now that the economy is showing signs of revival, we might be challenged with new forms of risk as organizations become aggressive and try to regain lost ground and market share.

One key element that we always need to manage is our relationships. Many times we hear ourselves say “My management doesn’t understand the value of risk management and security” or “My users just look at convenience and any controls we define are met with resistance”. Hence relationship management is important for us to be successful in our function (like most others, I guess).

At a high level, the following are our interfaces or “Configuration items (CI)” (a term borrowed from ITIL!).

§  Management: They look at the strategic view – e.g. how do I grow market share?

§  Business Operations: They look at the tactical view – e.g. how do I ensure this customer 

§  Employees: They look at the convenience view – e.g. I need access to this resource and now.

§  Security: They look at the control view – e.g. Do exactly as I say!

Each of the above CIs needs to align for an organization to run its business and manage risk effectively. As risk managers and CSOs, how do we ensure this happens and everyone contributes?

Srimad Bhagavatam speaks about Catustayam—the four diplomatic principles:

§  Saama: The process of pacifying

§  Daama: The process of giving money (rewards)

§  Danda: The principle of punishment

§  Bheda: The principle of dividing

We need to effectively apply the right principle to the right CI at the right time for the right situation to get the desired result. Hence a matrix needs to be built mapping the four CIs to the four principles, examples of which I have attempted to explain in a presentation.

The presentation is available online at: