Access "The real information security risk equation"
This article is part of the May 2010 issue of How to watch over your data with effective database activity monitoring
Risk management is a fundamental requirement of information security. Without it, the safety of the information or system cannot be assured. In information security, risk is a variable that must be understood in order to best create cost-effective solutions to minimize negative risks with minimal impact to usability and cost. Risks are often uncertain, misunderstood, and can change based on circumstances. Risk management provides a way for you to understand and handle risks that are optimal for security, IT, and the business. It creates a common language to identify, assess, and understand potential threats and vulnerabilities while identifying means for mitigating, accepting, or avoiding the risk. However, one of the reasons we have difficulty in translating risks to our users is that many security practitioners maintain an unrealistic view of risk because we use an overly complex risk equation. It typically contains variables for threats, vulnerabilities, and mitigation. This isn't how people naturally think. Security guru Bruce Schneier described this ... Access >>>
Premium Content for Free.
Database activity monitoring keeps watch over your data
by Adrian Lane, Contributor
Database activity monitoring can help with security and compliance by tracking everything going on in the database.
OWASP Top 10 vulnerabilities list adds risk to equation
OWASP Top 10 vulnerabilities list adds risk to methodology used to categorize coding errors.
- Database activity monitoring keeps watch over your data by Adrian Lane, Contributor
Four steps toward a plan for a career in information security
by Lee Kushner and Mike Murray
Having a long-term goal for a career in information security isn't enough. Here are four key steps for planning for a career in information security.
The real information security risk equation
by Ron Woerner
A simplified information security risk equation helps translate information security risk to users.
Cybersecurity bill lacks details
The Rockefeller-Snowe cybersecurity bill has potential but raises a lot of questions.
- Four steps toward a plan for a career in information security by Lee Kushner and Mike Murray
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...