Security Management Strategies for the CIOAccess "Choosing the right information security risk assessment framework"
This article is part of the March 2011 issue of Best practices for securing virtual machines
Many regulations and virtually all security frameworks require some objective assessment of risks. The reason is simple: Security controls should be selected based on real risks to an organization's assets and operations. The alternative -- selecting controls without a methodical analysis of threats and controls -- is likely to result in implementation of security controls in the wrong places, wasting resources while at the same time, leaving an organization vulnerable to unanticipated threats. A risk assessment framework establishes the rules for what is assessed, who needs to be involved, the terminology used in discussing risk, the criteria for quantifying, qualifying, and comparing degrees of risk, and the documentation that must be collected and produced as a result of assessments and follow-on activities. The goal of a framework is to establish an objective measurement of risk that will allow an organization to understand business risk to critical information and assets both qualitatively and quantitatively. In the end, the risk assessment framework ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Choosing the right information security risk assessment framework
There are a lot of risk assessment frameworks out there. Here's what you need to know in order to pick the right one.
-
Managing client-side security with patch management best practices
Attacks on applications like Adobe Reader and Java require effective and timely patching of user systems.
-
Choosing the right information security risk assessment framework
-
-
Virtualization 101: Best practices for securing virtual machines
by Dave Shackleford
VMs introduce a new security dynamic, one that emphasizes asset discovery, change management and tweaks to existing security technology.
-
Virtualization 101: Best practices for securing virtual machines
by Dave Shackleford
-
Columns
-
Consumerization of IT requires new security model
by Chenxi Wang, Contributor
Security managers should take advantage of the consumerization of IT trend to reinvent themselves.
-
Cloud computing technologies: transformation time
Cloud computing is forcing an evolution of information security practices and technology.
-
New cybersecurity training program targets high schoolers
A new competition tries to foster interest in cybersecurity early on.
-
A framework for information security career success
by Lee Kushner and Mike Murray
Here are four things you need to do in order to execute on your long-term career plan.
-
Consumerization of IT requires new security model
by Chenxi Wang, Contributor
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...