Premium Content

Access "Information security risk tolerance"

Published: 19 Oct 2012

In industry best practices and regulatory requirements, much is written about information security programs and what these programs must address As recently as this year, Massachusetts' law regarding protection of personal information put forth explicit requirements for written information security programs. Regulations and best practices contain useful advice and generally sound requirements, but rarely -- if ever -- do they address the issue of ensuring the information security program is aligned with the company's tolerance for risk. Why is this topic absent, both in regulations and in best practice advice? How many companies actively discuss and manage information security risk tolerance? Understanding a company's risk tolerance related to securing information means that the information security department knows the degree to which the company's senior management requires their information be protected against a confidentially leak or data integrity compromise. And using that knowledge, the information security department has put policies and practices ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Strategies for a successful data protection program
    data_protection_2014.png
    E-Handbook

    Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...

  • Devices, data and how enterprise mobile management reconciles the two
    ISM_supp_1014.png
    E-Zine

    The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...

  • Putting security on auto-pilot: What works, what doesn't
    security_auto-pilot.png
    E-Handbook

    For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...