Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
October 2010

Brian Engle: An effective information security program requires ongoing monitoring

Information Security can often present us with many variables and complexities. We are typically concerned with the variables presented by unknown attackers, evolving threats, and the difficulty in determining the probability of all the things that can go wrong. Often we must also face the additional complexity of unknowns presented by the organization itself. Expansion and growth can result in distributed operations at varying levels of maturity with a lack of standardization. The variables produce complexity, and complexity can be the breeding ground for uncertainty. To limit risks to an acceptable level an information security program must remove uncertainty. The objective is to deliver the proper level of effective controls to protect information resources without excessive cost and without inhibiting required business operations. The italicized words form the gray area that regularly defeat information security metrics and risk equations. Achieving a balance between secured and useful, within budgetary constraints and ...

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close