Communicating the risks of IT to the enterprise is crucial in preventing security risks arising in the first place, according to the Information Systems Audit and Control Association's (ISACA) international president, Ken Vander Wal.
Speaking to CIO Australia in the lead up to this week's annual ISACA Oceania conference, Vander Wal said the risks associated with IT need to be realised across the business.
"Making sure that the IT risk management process is incorporated into the overall IT corporate risk management is important," he said.
"All of the risks can be managed to a large extent, and a theme we suggest CIOs and organisations consider is about embrace and educate."
With the number of cyber attacks increasing due to the consumerisation of IT, Vander Wal said CIOs needed risk management strategies in place if they were to combat such threats.
"One of the big concerns is people bringing their own device and storing corporate confidential information on those devices," he said.
"...It all begins with IT governance followed by control and risk management and then you have security and an auditing function that makes sure the first three are working."
With social media posing a further risk to the enterprise, the implementation of a social media policy was also crucial.
"The CIO has to make sure risk management is integrated into the business and it starts with making sure in risk assessment is being driven by what the business risk is," Vander Wal said.
"...You don't roll out and allow social media without having your policy defined."
Follow Lisa Banks on Twitter: @CapricaStar
Follow CIO Australia on Twitter: @CIO_Australia