I had the honor and privilege to spend several days last week with 400 IT leaders at our Gartner Peer Forum in Orlando, Florida. Speaking to the group gave me the opportunity to explain what many, including my fellow Gartner research colleagues, call “fluffy management stuff” or FMS for short.
What is FMS? Well, it refers to the myriad of approaches that companies employ while building program management capabilities to address major initiatives. In my case, I help companies looking to build risk management and security programs. FMS related to risk management and security programs can be quite deep and often obscures the ultimate objective – to succeed in a safe and secure manner.
At Gartner, we bring clarity to the FMS related to risk management and security through the lens of integrated risk management (IRM). Gartner defines IRM as “a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks.” Using Gartner’s three dimensions of IRM – framework, metrics and systems – you can increase the maturity of your risk management disciplines to mitigate the digital business risks of the future.
As you might notice, the three dimensions of IRM – Framework, Metrics and Systems – spell “FMS”. However, that is where the similarity to FMS ends. In our research, we provide practical tools and methods to help companies construct an efficient and effective risk management and security program. In fact, just this week, we published a research note that details the top 10 factors for IRM success (Gartner subscription required).
If you are interested in learning more about constructing an efficient and effective risk management and security program, please make plans to attend one of our upcoming 2017 Gartner Summit Events across the globe. You can also read more of my research here – John A. Wheeler Research & Bio.