The nature of doing business has always included the inherent risk of security breaches and vulnerability to potential harm by others. Even though technology, the internet, and other digital innovations have brought us significant increases in productivity, they have also caused us to leave more doors open to potential risk. I have asked Albertina (Betty) Cardiel, Softtek’s IT Risk and Data expert, to chat with us about the current state of IT Risk and Compliance, as well as where she sees this sector evolving in the future. Betty has over 14 years of experience in Information Security, specializing in IT Compliance and Risk Management and, more recently, the Data Privacy field.
Lilian: What do you see as the biggest challenges facing companies today, in terms of IT Risk and IT Compliance? How can companies turn these into opportunities?
Betty: We are living in a world where disruptive technologies run rampant, and with this innovation come more risks associated with cybersecurity. Regulators attempt to lessen the risk by putting control mechanisms and specific requirements in place, and this adds a lot of responsibilities to businesses. There is an increasing amount of technology to defend, and even with the improvements in security prevention methods, there are still plenty of successful attacks that have a major impact on organizations. This reality causes businesses to focus on developing a Risk Management approach, but if it is not designed and implemented correctly, it can leave the organization vulnerable to security breaches due to non-compliance with requirements.
Lilian: What are the trends that you see emerging in IT Compliance & Risk, and how should companies prepare for these coming trends?
Betty: There are at least five major trends keeping companies busy. They are:
Lilian: What new technologies and innovations are available for successful IT Risk Management and Compliance implementations and how should companies be mindful of these for the future?
Betty: There are many platforms and vendors of Governance, Risk and Compliance (GRC) in the market, but there is still a lack of innovation in these tools, since they are not yet ready for the disruptive digital world. A smart implementation must consider a strategic vision instead of a tactical one. GRC features are used only to react to departmental compliance and risk requirements instead of adopting a holistic approach. When implementing services, businesses must consider the full picture when it comes to the IT Compliance and IT Governance Maturity Model, and must understand which business applications host the most critical information and processes in order to identify the risk management capabilities that need to be incorporated in the evaluation of the best GRC solutions for the company.
Lilian: What are the top three suggestions you have for companies about to embark on an IT Risk and Compliance initiative, and how can they best manage their time and resources?
Betty: I would suggest that businesses commit to integrating risk management best practices across the board. It is important to understand and establish Business Regulatory requirements for the enterprise information process cycle through an IT Compliance landscape, in order to define and prioritize strategic action plans as part of the organizational budget program. Also, companies should establish compliance and third-party risk procedures as part of the vendor management process to monitor and analyze the risk profiles of vendors and suppliers.
Lilian: I know you have worked with several organizations to make their processes better and more secure. Are there any cases that stand out to you that you could share with us?
Betty: Sure. We had one top Fortune company that wanted to assess their suppliers’ security and compliance practices, but did not have a clear idea of what the suppliers’ risk level was. We helped that organization run a Risk Assessment to define the Third Party Risk and Compliance due diligence and monitoring strategy, through a mature vendor categorization process using practices such as Six Sigma, Lean and ISO, among other tools. We created an actionable IT Compliance framework tailored to the company’s supplier needs, including vendors of new technologies (Cloud, Virtualization, Platforms and environments, etc.), which allowed the company to respond rapidly to business compliance requirements and decrease its third-party security risk exposure.
Lilian: Betty, this was great, thank you. Before we wrap up, are there any insights or suggestions you can leave us with?
Betty: I am a strong believer in the “back to basics” model. This includes three main components:
For more information on how Softtek can help with your IT Risk and Compliance strategies, visit our or contact us directly at firstname.lastname@example.org
Betty Cardiel has over 20 years of experience in IT Leadership, Project Management, and Information Security and Compliance Services Consolidation. She holds certifications as a C|CISO, in ITIL Foundations, Practitioner and Service Level Management, in ISO 20000, as an IT infrastructure certified auditor, and as a Six Sigma Lean Green Belt and Black Belt Mentor. She has ample experience as an Implementation Manager for Information Security Services such as Identity Management, Access Control Management, End Point Security (SAV, Scanning, Laptop Encryption, Vulnerability Management, NAC), Information Security Awareness, Security Controllership, Compliance and Governance processes for regulatory requirements, Application Security Services, Data Loss Prevention, as well as Information Security Vendor Risk Assessment. She is also Founder and leader of the non-profit organization “StarOnTheFly” since 2009, focused on designing Parental Cybersecurity educational programs and awareness conferences for mentors, schools, and teachers.