Finance Monthly October 2019 Edition

ASSURE YOUR PROJECTS TO REDUCE RISK When it comes to juggling multiple projects, there are a number of different things for managers to consider including budgets, timings and, crucially, security. Any changes within the project or smaller initiatives can have a significant impact on risk posture and if these risks aren’t identified and dealt with early on, projects may end up over budget, delayed or even brought to a complete standstill. Therefore, Security Assurance should be a top priority – particularly when working on transformational projects. Security Assurance needs to be baked into requirements (or Epic), design, sprint (Agile) and change activities – where the changes in risk are assessed and mitigating controls applied. Whether the project aims to move apps into the Cloud or deliver an essential upgrade to Cloud-based business systems, transformational projects warrant special consideration for maintaining confidentiality, integrity and availability. There is potential for a breach any time information is stored or shared – and IT project documentation frequently includes intimate network and systems details, which present an attractive target for hackers. As projects develop, the attack surface also changes and controls often get relaxed; however, tight controls should be increased and maintained throughout the entire project cycle. However, many companies are significantly underprepared in this area – leaving them unable to adequately safeguard their systems and data. Plan of action In order to properly arm themselves against attacks, it is vital that managers work together with information or cybersecurity specialists to understand the Information and cyber risks associated with any given project. Once these are understood, managers can begin Richard Menear CEO of Burning Tree 48 www.finance-monthly.com FINANCIAL INNOVATION & FINTECH - RISK