Pro+ Content/Information Security magazine

February 2008

Layer8: Applying numbers to risk management

Risk management brings you closer to the business, but you must understand that risk is not a numbers game.

When I started in IT in the late 1980s, the discipline of protecting computers was unambiguously referred to as computer security. In the mid '90s, we had heated discussions over the appropriateness of the term information security. Just a few years ago, most of the vendors that had earlier touted their wares as infosecurity products decided to reposition themselves as being in the compliance business. At about that same time, I caught flak for using this column to suggest security was a risk management function. Now the term du jour is GRC, an unpronounceable acronym standing for governance, risk and compliance.

Terminology inflation represents a positive trend in this case. It is indicative of a legitimate broadening of perspective and improved alignment with the business. Security is a specialized task, a narrow focus on a specific set of vulnerabilities that can potentially be exploited by humans. In practice, most ...
