With more and more enterprises using information technology to enable business innovation, defining the right organizational security strategy has become a C-suite imperative. Forward-thinking security leaders have made tremendous progress in driving tighter linkages between innovation goals and security actions. A critical element of this transformation has been a more structured and strategic approach to organizational risk assessment.

Any new business innovation inherently carries its own unique risk/reward equation. In the past security teams would often erect impenetrable barriers to innovation in the name of “mitigating risk.” But security leaders have recognized the need to fundamentally shift this perspective. Business innovations in a connected world will always carry some level of risk. Thus, security teams must mobilize to develop the practices, tools, and relationships necessary to effectively define and assess the level of acceptable risk required for each new innovation to yield maximum business reward.

The Security for Business Innovation Council, convened by RSA, is a group of 10 of the top security executives from global enterprises in a variety of industries. RSA is conducting in-depth interviews with Council members and publishing their ideas in a series of reports. The first report in the Security for Business Innovation series defined a set of recommendations for how security professionals could make information security more strategic to business innovation. The second Council report reflects the collective risk/reward lessons learned and best practices of 10 of the world’s most innovative and accomplished security leaders. It outlines a proposed strategy for making risk/reward calculations that drive optimum business value and for ensuring they are executed and governed for enterprise success.

In the report, Council members explain why security teams must shift their perspective to optimizing rather than mitigating risks. If you take away all risk, you take away all reward. As business innovation is about doing new things like entering new markets, building new channels, creating new sourcing models, and delivering new products, it inherently involves taking new risks. To maximize business rewards, enterprises must be poised to strategically assess the magnitude of each risk within the context of each new value creation opportunity.

Learn more about the relationship between security and business innovation and read the new Security for Business Innovation Council report: Mastering the Risk/Reward Equation: Optimizing Information Risks to Maximize Business Innovation Rewards on the RSA Security for Business Innovation website.