In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility.
How do you define cyber risk within your organization’s overall enterprise risk framework?
At Ecolab, we don’t approach cyber risk in isolation. Instead, it’s positioned as an integral component of our overall enterprise risk management framework. We define cyber risk as the potential for loss or harm related to technical infrastructure, use of technology, or management of information and, generally, we evaluate risk in a few different ways.
First, we look at operational risks which includes risks that could disrupt our ability to deliver products or services including system outages, data corruption, or impact to critical infrastructure that could affect business continuity. Second, we look at financial risks which include potential monetary losses from cyber incidents such as fraud, regulatory fines, remediation costs, or revenue impacts from service disruptions. The final prong in our framework is reputational risk.
We view…
