At InfoSec World 2020 on Tuesday, a pair of risk officers from Party City offered an inside glimpse into how the $2.1 billion specialty retailer pulled off its first-ever top-down enterprise-wide IT risk assessment. Among the chief success factors they cited were: executive buy-in, the collaboration of skilled partners, assuring adequate resources, well-planned project scoping, and collaboration with its business operations.

Co-speaker Rolando Espinoza, director, governance, risk and compliance, security validation, said the company had previously performed a bottom-up risk assessment in the form of a cyber maturity assessment (CMA). But the retailer was looking to focus beyond mere security controls when evaluating risk.

To perform this broader risk assessment, the risk team would have to "take into consideration the organization, the business processes, the mission and then how our information systems, and the risk related to those, align," said Espinoza. He also said the assessment program would need to look at the company's strategic goals and objectives, its priorities, and its availability of resources and skill sets, as well as the laws and regulations that the retailer must comply with, including Europe's GDPR.
