Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
October 2010

Information security risk tolerance

In industry best practices and regulatory requirements, much is written about information security programs and what these programs must address As recently as this year, Massachusetts' law regarding protection of personal information put forth explicit requirements for written information security programs. Regulations and best practices contain useful advice and generally sound requirements, but rarely -- if ever -- do they address the issue of ensuring the information security program is aligned with the company's tolerance for risk. Why is this topic absent, both in regulations and in best practice advice? How many companies actively discuss and manage information security risk tolerance? Understanding a company's risk tolerance related to securing information means that the information security department knows the degree to which the company's senior management requires their information be protected against a confidentially leak or data integrity compromise. And using that knowledge, the information security department ...

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close