Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
June 2009

How to write a risk methodology that blends business, security needs

PROTECTING INFORMATION ASSETS is the information security program's primary directive. But the industry's inadequate strategies are partly to blame for its failures to do so; the industry seems satisfied with its current game plan. We allow vendors and compliance to direct how we should protect assets without regard to analyzing what risks would be minimized by implementing the proposed technology. If we truly believe in protecting the confidentiality, integrity, and availability (CIA) of our information assets then we must think outside the box and take the time to analyze risk, and design security systems that can reduce residual risk. Security breaches (more than 260 million records lost since ChoicePoint; more than 30 million in 2008) are happening despite substantial investment in perimeter security defenses and compliance. The current standards and compliance efforts used to help protect our information assets are disproportionately technical and do not adequately address the current threats and security risks. It is clear...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close