In our organization, we have implemented a Risk Team that is comprised of representatives from each of the security disciplines, Risk Management, Corporate Legal and potentially impacted business units. This team is utilized to assess risks in response to a reported incident or associated with a new initiative. Via process analysis the group recommends controls that might mitigate any associated risk.
It is important that companies realize the importance of seating security management at the table, when discussing product development or operating policy implementation. Effective utilization of an organizations security team allows for a better understanding of risk across the enterprise. As a result, the company can realize enhanced ROI for risk and compliance initiatives.
Read more about data protection in CSOonline's Data Protection section.