IT risk assessment: Using security resource planning products to improve
This article is part of the July 2003 issue of Balancing act: Security resource planning helps manage IT risk
Infosec professionals love to talk about risk. It defines our profession. But we often speak of risk as if it's some omniscient entity to which we must pay tribute. Practical enterprise risk management involves managing exposures associated with the people, places and things in an enterprise. How about we just get over it? We grapple with risk all the time. We create computing infrastructures in the most hostile environments, driven at breakneck speeds. All while obeying regulatory stop signs. Balancing risk and security and functionality and efficiency and budget is a big, complicated task. Most IT security pros use a "divide and conquer" strategy: compartmentalize risk into logical categories, then throw security products and loosely defined "best practices" at identified weaknesses. While this approach addresses risk, it doesn't address RISK. That is to say, it identifies and responds to risk factors on narrowly defined levels--application, network, human, regulatory, etc.--but it ignores how the pieces add up to an enterprise-scale "risk ecosystem." ...
What's Inside
Features
-
IT risk assessment: Using security resource planning products to improve
by Pete Lindstrom, Contributor
Enterprise risk management is a delicate balancing act. A look at three "security resource planning" products that seek to bring order to the process.
-
Using decision-tree modeling to determine paths of attack
by Pete Lindstrom, Contributor
Learn how one startup leverages decision-tree modeling to identify unwanted outcomes.
-
Infosec professional profile: Ron Gula
by Anne Saita, Senior Editor
Ron Gula rocked the IDS market with Dragon. Now he's trying to catch Lightning in a bottle.
-
Review: Configuresoft ECM 4.5 prevents security configuration errors
by Scott Sidel, Contributor
Review: Configuresoft ECM 4.5 improves security and automated compliance by preventing common configuration errors.
-
How to address SAN architecture security weaknesses
by Vijay Ahuja, Contributor
SAN technology has burst out of the data center, exposing the world to SAN architecture security weaknesses.
-
SRP evaluation criteria: Tools to enable security as a process
by Pete Lindstrom, Contributor
We evaluated three security resource planning (SRP) products based on this list of key criteria.
-
Who's who in IT risk management vendors 2003
by Pete Lindstrom, Contributor
Several IT risk management vendors market products and services that target parts of the enterprise risk management process.
-
Honeypot technology: How honeypots work in the enterprise
by Lance Spitzner, Contributor
The founder of the Honeynet Project explains how honeypots work and how they complement other technologies.
-
How to avoid federal Wiretap Act issues with a honeypot network security system
by Richard P. Salgado, Contributor
Hackers have rights, too. How can you deploy honeypots without running afoul of the law?
Columns
-
Opinion: 2003 Gartner Hype Cycle for infosec is wrong on IDS
by Andrew Briney
Et tu, Gartner? The research firm's pronouncement that IDS is dead is just the latest Hype Cycle gone awry.