Premium Content

Access "Information security risk tolerance"

Published: 19 Oct 2012

In industry best practices and regulatory requirements, much is written about information security programs and what these programs must address As recently as this year, Massachusetts' law regarding protection of personal information put forth explicit requirements for written information security programs. Regulations and best practices contain useful advice and generally sound requirements, but rarely -- if ever -- do they address the issue of ensuring the information security program is aligned with the company's tolerance for risk. Why is this topic absent, both in regulations and in best practice advice? How many companies actively discuss and manage information security risk tolerance? Understanding a company's risk tolerance related to securing information means that the information security department knows the degree to which the company's senior management requires their information be protected against a confidentially leak or data integrity compromise. And using that knowledge, the information security department has put policies and practices ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Unified threat management aspires to the enterprise class
    UTM_big_leagues.png
    E-Handbook

    Unified threat management (UTM) long focused on small and medium-sized businesses, but now it's climbing the ladder and attempting to become ...

  • Threat intelligence and risk: Why cybersecurity hangs in the balance
    ISM_0614.png
    E-Zine

    As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above ...

  • How to respond to the latest distributed denial-of-service attacks
    DDOS_attacks.png
    E-Handbook

    All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't ...