Access "How to write a risk methodology that blends business, security needs"
This article is part of the June 2009 issue of Effective strategies for risk management and security information management systems
PROTECTING INFORMATION ASSETS is the information security program's primary directive. But the industry's inadequate strategies are partly to blame for its failures to do so; the industry seems satisfied with its current game plan. We allow vendors and compliance to direct how we should protect assets without regard to analyzing what risks would be minimized by implementing the proposed technology. If we truly believe in protecting the confidentiality, integrity, and availability (CIA) of our information assets then we must think outside the box and take the time to analyze risk, and design security systems that can reduce residual risk. Security breaches (more than 260 million records lost since ChoicePoint; more than 30 million in 2008) are happening despite substantial investment in perimeter security defenses and compliance. The current standards and compliance efforts used to help protect our information assets are disproportionately technical and do not adequately address the current threats and security risks. It is clear that spending additional ... Access >>>
Premium Content for Free.
How to write a risk methodology that blends business, security needs
One security professional describes a homegrown risk methodology currently being used by a large university and a private corporation.
Lack of cloud computing definition adds confusion, risk
Vendors loosely using the term cloud computing are causing confusion for users in the market for buying and securing these services.
- How to write a risk methodology that blends business, security needs
Risk management must include physical-logical security convergence
If your organization is serious about managing risk and total asset protection, then physical-logical convergence is a necessary step.
Mature SIMs do more than log aggregation and correlation
They've come a long way from the early days of log aggregation and correlation; enterprises now glean value from SIMs for compliance, visualization, and even overall business intelligence.
- Risk management must include physical-logical security convergence
Three cloud computing risks to consider
Cloud computing carries risks that enterprises need to weigh before they forge ahead.
New partnerships, creative thinking help security bust recession
The economy is forcing organizations to be more resourceful and bury the hatchet. And that's a good thing.
- Three cloud computing risks to consider
More Premium Content Accessible For Free
For many security teams, "continuous monitoring" is a vague concept associated with FISMA compliance. A continuous monitoring program can be simple ...
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...