Security Management Strategies for the CIOAccess "SRP evaluation criteria: Tools to enable security as a process"
This article is part of the July 2003 issue of Balancing act: Security resource planning helps manage IT risk
In the July 2003 Information Security magazine cover story, IT risk assessment: Using security resource planning products to improve, we evaluated three security resource planning (SRP) products based on the key criteria listed below. Framework/approach. Each SRP vendor has a different framework and varied approach to managing risk. The usage and processes that map inherently to the application will help the organization integrate a solution into its environment to evaluate risk levels, apply controls and remediate vulnerabilities. Risk measurement. Measuring risk, even in a basic way, allows enterprises to identify those areas that require protection and prioritize the workload. Vendors should provide some level of risk measurement, whether it's at a general level (high, medium, low) or more quantitative and specific. Measurement aids in risk evaluation and follow-up assessment of remediation activity. Content and knowledge management. The ability to capture and distill public security information--alerts, patch updates, etc.--allows an enterprise to ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
IT risk assessment: Using security resource planning products to improve
by Pete Lindstrom, Contributor
Enterprise risk management is a delicate balancing act. A look at three "security resource planning" products that seek to bring order to the process.
-
Using decision-tree modeling to determine paths of attack
by Pete Lindstrom, Contributor
Learn how one startup leverages decision-tree modeling to identify unwanted outcomes.
-
Infosec professional profile: Ron Gula
by Anne Saita, Senior Editor
Ron Gula rocked the IDS market with Dragon. Now he's trying to catch Lightning in a bottle.
-
Review: Configuresoft ECM 4.5 prevents security configuration errors
by Scott Sidel, Contributor
Review: Configuresoft ECM 4.5 improves security and automated compliance by preventing common configuration errors.
-
How to address SAN architecture security weaknesses
by Vijay Ahuja, Contributor
SAN technology has burst out of the data center, exposing the world to SAN architecture security weaknesses.
-
IT risk assessment: Using security resource planning products to improve
by Pete Lindstrom, Contributor
-
-
SRP evaluation criteria: Tools to enable security as a process
by Pete Lindstrom, Contributor
We evaluated three security resource planning (SRP) products based on this list of key criteria.
-
Who's who in IT risk management vendors 2003
by Pete Lindstrom, Contributor
Several IT risk management vendors market products and services that target parts of the enterprise risk management process.
-
Honeypot technology: How honeypots work in the enterprise
by Lance Spitzner, Contributor
The founder of the Honeynet Project explains how honeypots work and how they complement other technologies.
-
How to avoid federal Wiretap Act issues with a honeypot network security system
by Richard P. Salgado, Contributor
Hackers have rights, too. How can you deploy honeypots without running afoul of the law?
-
SRP evaluation criteria: Tools to enable security as a process
by Pete Lindstrom, Contributor
-
Columns
-
Opinion: 2003 Gartner Hype Cycle for infosec is wrong on IDS
by Andrew Briney
Et tu, Gartner? The research firm's pronouncement that IDS is dead is just the latest Hype Cycle gone awry.
-
Opinion: 2003 Gartner Hype Cycle for infosec is wrong on IDS
by Andrew Briney
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...