Layer8: Applying numbers to risk management
This article is part of the February 2008 issue, "Does security make the grade in Windows Server 2008?"
Risk management brings you closer to the business, but you must understand that risk is not a numbers game.

When I started in IT in the late 1980s, the discipline of protecting computers was unambiguously referred to as computer security. In the mid '90s, we had heated discussions over the appropriateness of the term information security. Just a few years ago, most of the vendors that had earlier touted their wares as infosecurity products decided to reposition themselves as being in the compliance business. At about that same time, I caught flak for using this column to suggest security was a risk management function. Now the term du jour is GRC, an unpronounceable acronym standing for governance, risk and compliance. Terminology inflation represents a positive trend in this case. It is indicative of a legitimate broadening of perspective and improved alignment with the business. Security is a specialized task, a narrow focus on a specific set of vulnerabilities that can potentially be exploited by humans. In practice, most security specialists exceed the ...
Data Loss Prevention Tools Offer Insight into Where Data Lives
DLP tools help mitigate incidents and aid with data discovery.
- Viewpoint: FIPS concepts applicable beyond governments
KoolSpan's TrustChip secures cell phones, other mobile apps
KoolSpan has incorporated its authentication/encryption technology into a Secure Digital (SD) card, which can be plugged into any compatible cell phone.
Product review: Titus Labs' Message Classification
Survey: Security Pros Identify Priorities for 2008
Security professionals prioritize mobility and security, identity and access management, protecting data and intellectual property and vulnerability management.
Examine Security Features and Tools of Microsoft Windows Server 2008
Unwrap Windows Server 2008, the first server revision under Trustworthy Computing. Microsoft promises it is secure by design, default and deployment.
Product review: BreakingPoint Systems' BPS-1000
NETWORK DEVICE TESTING
Product review: Application Security Inc.'s DbProtect
DATABASE SECURITY & COMPLIANCE
Webroot Antispyware Corporate Edition product review
Protect against spyware and viruses with Webroot Antispyware Corporate Edition. In this product review, get info on installation, cost, management and policy control.
Security Services: Postini Message Discovery, Archive editions
At Your Service
March of the Trojans: The rising Trojan threat
by Dennis Fisher
Trojans such as Storm, the Nugache worm and a host of other botnets have compromised millions of PCs, most without the knowledge of the machines' owners.
Governance: Security is tiny portion of IT budgets
by Robert Westervelt
A Burton Group survey says security budgets typically make up 2% of IT budgets.
Interview with Troon Golf's Cary Westmark
PING: Cary Westmark
Layer8: Applying numbers to risk management
Quality Counts, Not Quantity
Key Security Initiatives Abound
Editor's Desk: Everything Goes
Perspectives: SSL No Security Blanket
Encryption cannot patch the holes created by insecure software.