Cybersecurity: Global risk management moves beyond regulations
This article is part of the September 2013 Volume 15 / No. 7 issue of Information Security magazine
Regulatory environments and compliance drive global risk management and associated actions at many organizations. But auditing is not based on actual threats. As threat intelligence becomes more available and this information is offered up by multiple sources, is it changing the way that global enterprises view risk assessment?

"The ability to access intelligence and react to complex attacks is vital," said MacDonnell Ulsch, CEO and chief analyst at ZeroPoint Risk Research, LLC, a Boston-based consultancy focused on global risk management and related services. "If a regulation states that a risk assessment must be conducted, what does that really mean?

"Regulations don't instruct, so it is important to understand what to look for," said Ulsch, who likens global threat intelligence to a cat setting out birdseed. "After a time, the birds feel it's safe to eat there."

Consumed by compliance

Security professionals have warned companies for years that compliance-driven security programs may not adequately address security concerns. ...
Features in this issue
Modern firewalls offer greater application awareness and user controls. Protect your migration strategy with these tips from the pros.
This month's special online multimedia supplement to Information Security magazine details the advanced new features of next-generation firewalls and how to make the most of them.
While poaching security talent may plug short-term gaps, outreach and education will solve the long-term shortfall in IT security professionals.
Global risk management based on the lowest common denominator may not 'comply' with IP or trade secrets. Analysts see big changes ahead.
Columns in this issue
Analysts expect security concerns to drive global risk management, but executives may need convincing.
Not down with Dropbox? Lee Heath embraced shadow IT and improved his company's data security practices in the process.
Forget the slogans. Reset your security awareness program with actionable information.