In the context of globalization, inducing ever-changing markets, companies are facing increasing competitiveness through innovation.
Over the past thirty years, the concept of “Risk Management” has become central for the companies, and a tool for their strategic decisions. It is also an essential component to be taken into account when talking about innovation. In order to make decisions in accordance with an organization’s interests, it must carry out a comprehensive risk analysis, through identification, evaluation, and monitoring at different levels, in accordance with its strategic and operational objectives.
However, it has been observed that the pursuit of profit through innovation might be limited by the reluctance or even refusal of some managers to take a risk. Therefore, the management of the latter could depend on several factors, such as the personality of the managers or the environment in which the company operates, and which would carry risks. Consequently, the development of an organization and its innovative activities requires the acceptance of risk-taking.
Risk management and innovation: the particular case of cyber-risk
Cyber-risk must be integrated into the overall risk assessment. A computer attack can quickly and directly affect the company’s operations or reputation. It is a crucial matter that the concerned organization identifies the interactions between the “traditional risks” (strategic, financial, operational, informational) associated with cyber risks.
To assist companies, various methods have been implemented to enable them to deal with threats caused by IT systems. The French National Agency for Information Security Systems (ANSSI) regularly updates the EBIOS method, which complies with the international information systems management standards ISO/IEC 27001, ISO/IEC 27005 and ISO/IEC 31 000.
Devoteam has developed the S-TRAM tool. It highlights the most appropriate analytical method, among those available on the market, to the company’s needs, after having precisely identified the risks it faces and the context in which it operates.
There is no such thing as zero risks and it is impossible to eradicate it completely. The ultimate objective for managers would be to carry out their projects successfully while at the same time transforming the risks involved in opportunities. Companies would thus go beyond the logic of survival, and enter into a logic of prosperity.
Also, on that note we will be present for the Les Assises event in Monaco for it’s 2018 edition. Meet us and discover our Cyber Security offer, click on the image for more information on registration!
