Enterprise Security Risk, Governance & Systems

A formal approach to security management contributes directly to business capability, reputation and operational/commercial viability of the organisation. To achieve this, you will need to align security governance, processes and controls to meet the organisation’s objectives.

Providence supports the boards, executives and risk-subcommittees of organisations to ensure they operate to best practice governance by focusing on three key areas:

  • Establishing enterprise security risk assessment frameworks
  • Undertaking board security risk briefings and resulting governance activity
  • Aligning organisational delegations, reporting and dashboards

Our approach can be summarised by the following diagram:

    Firstly, boards and risk sub-committees must ensure that staff are performing their security risk management activity and assure themselves at some level of detail that it is adequate.

    The board must then decide what threats affect the organisation and what must be invested in taking advantage of opportunities presented in the market.

    The board sets the organisational risk appetite, showing that security risk management is an organisational priority and that endeavours to protect the organisation are adequately resourced.

    Within the organisation, executives, management and staff then perform various functions, such as risk analysis, risk-based SWOT analysis, the actions to be undertaken, and feedback (via reporting) to inform the board.

    Providence supports organisations to:

  • Assess whether their security governance structures effectively enable evaluation, decision making and communication about an organisation's security risks
  • Develop management systems to confidently (and consistently) measure, assess and manage security risks within the organisational risk tolerance/appetite settings
  • Develop enterprise/organisational level assessment of security risk
  • Define their risk appetite and risk tolerance in the security context
  • Integrate mechanisms for security assessment and reporting into broader organisational systems for managing risk
  • Assess their organisational security disposition, i.e. which threat, asset class or control profile their security settings are oriented to (whether by accident or intention)
  • Review security maturity monitoring.
  • Assess existing governance structure.
  • Assess whether it can effectively mitigate security risks.
  • Identify a single, accountable board-level owner of security risk.
  • Assess effectiveness of reporting processes or systems.
Enterprise Security Risk, Governance & Systems - Client Stories

    Home Affairs

    Defence Base Security Improvement Program

    Adash Janiszewski

    Chief Executive Officer

    Adash is Providence’s CEO and is responsible to the Providence Board and Providence’s clients for ensuring the timely delivery of outcomes through advice, guidance and mentoring to Providence’s staff.