Security Management Strategies for the CIOAccess "Marcus Ranum and Bob Blakley discuss risk management failures"
This article is part of the June 2011 issue of BYOD means creating a new security game plan in the enterprise
Marcus Ranum: Let’s jump right into this, shall we? You know I’ve been a pretty vocal skeptic of the idea we can manage risk in computer security -- especially since we’d have to understand risk first and it doesn’t seem like we do a good job of that. It seems almost unfair to point to nuclear accidents and Wall Street crashes as examples of risk management failures, but, really -- is that unfair? Bob Blakley: You’re joking, right? Of course it’s fair to point out that these things were failures of risk management. Take Chernobyl. The Chernobyl accident has certainly already cost more than the value created by the Chernobyl reactor over its lifetime, and the costs will keep adding up for the foreseeable future. Furthermore, the accident imposed costs on people who had nothing to do with the reactor’s construction, did not benefit from it, and were not given any say in any decision regarding its construction or operation. This is the textbook definition of a risk management failure – an incident that causes an entire initiative to have a net negative lifetime... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Get actionable results from a security information management system
by Andreas M. Antonopoulos
In order to get the best results, you need to limit your goals for SIM.
-
Revamped FISMA requirements aim to improve federal security
by Crystal Bedell
An automated tool and mandates for continuous monitoring try to improve federal information security efforts.
-
Get actionable results from a security information management system
by Andreas M. Antonopoulos
-
-
IT consumerization drives new security thinking
by Marcia Savage, Editor
The influx of personal smartphones and other computing devices into the enterprise is forcing a shift in security strategy.
-
Data breaches show enterprise need for better data security management
by Robert Westervelt, News Director
Sony and other data breaches suggest need for data accountability, better configuration management.
-
IT consumerization drives new security thinking
by Marcia Savage, Editor
-
Columns
-
Lack of SMB security opens door to online criminals
by Michael S. Mimoso, Editorial Director
Online criminals have smaller targets firmly in their crosshairs.
-
Mobility trend takes off in the enterprise but leaves out security
by Chenxi Wang
Banks and other businesses are rushing to jump on the mobility trend but leaving security behind.
-
Marcus Ranum and Bob Blakley discuss risk management failures
by Marcus J. Ranum, Contributor
Security expert and Information Security magazine columnist Marcus Ranum continues a new bimonthly feature where he goes one-on-one with a fellow security industry insider.
-
Lack of SMB security opens door to online criminals
by Michael S. Mimoso, Editorial Director
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...