Security Digest: Living Risk Registers Help Security Leaders Prioritize Real Risk Over Compliance Theater
Based on decades leading regulated organizations, SCP adjunct professor and former CIO Ann Dunkin details how living risk registers anchor real cyber resilience.
Organizations have a habit of falling into compliance traps without realizing it. Over time, regulatory checklists begin to stand in for real risk management, creating a sense of progress while underlying exposure grows. The issue isn’t a lack of understanding at the leadership level, but structural pressures that push decisions toward compliance at the expense of actual risk reduction.
Ann Dunkin is a 4-time enterprise CIO whose experience is grounded in navigating these tangled pressures. As the former CIO for both the US Department of Energy and the Environmental Protection Agency, she has managed multi-billion dollar budgets in some of the world's most heavily regulated organizations. Now a Distinguished Professor at Georgia Institute of Technology and an advisor to firms like Global Interconnection Group and CGAI, Dunkin explains that leaders need to move beyond the false dichotomy of compliance versus security and adopt a unified framework.