Yasmine Abdillahi, executive director of security risk and compliance and business information security officer at Comcast, said organizations need to consider three elements to get cybersecurity governance, risk and compliance right and those are having trust in the data, achieving alignment on risk appetite and accountability and providing actionable data.
In an opinion piece published Wednesday in Corporate Compliance Insights, Abdillahi noted that trusting the data used in making risk management decisions is key to the success of a cybersecurity GRC team.
“How do you make trust happen? Having ongoing conversations with the owners/creators of the data is key to establishing rapport and strong relationships,” she noted.
When it comes to accountability, Abdillahi cited the need for organizations “to have a well-defined structure for who is responsible for the different areas as well as a clear path established for remediation if you aren’t compliant.”
For the third element, the Comcast executive stated that cyber GRC teams should “speak in business terms to assist control owners and leadership with relevant and actionable insights.”
Abdillahi will serve as one of the speakers at the Potomac Officers Club’s 2024 Cyber Summit on June 6. Register here to hear her insights as she joins a panel discussion on the Cybersecurity Maturity Model Certification program.