Premium Content

Access "Layer8: Applying numbers to risk management"

Published: 22 Oct 2012

Risk management brings you closer to the business, but you must understand that risk is not a numbers game. When I started in IT the late 1980s, the discipline of protecting computers was unambiguously referred to as computer security. In the mid '90s, we had heated discussions over the appropriateness of the term information security. Just a few years ago, most of the vendors that had earlier touted their wares as infosecurity products decided to reposition themselves as being in the compliance business. At about that same time, I caught flak for using this column to suggest security was a risk management function. Now the term du jour is GRC, an unpronounceable acronym standing for governance, risk and compliance. Terminology inflation represents a positive trend in this case. It is indicative of a legitimate broadening of perspective and improved alignment with the business. Security is a specialized task, a narrow focus on a specific set of vulnerabilities that can potentially be exploited by humans. In practice, most security specialists exceed the ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free