Premium Content

Access "Information security risk tolerance"

Published: 19 Oct 2012

In industry best practices and regulatory requirements, much is written about information security programs and what these programs must address As recently as this year, Massachusetts' law regarding protection of personal information put forth explicit requirements for written information security programs. Regulations and best practices contain useful advice and generally sound requirements, but rarely -- if ever -- do they address the issue of ensuring the information security program is aligned with the company's tolerance for risk. Why is this topic absent, both in regulations and in best practice advice? How many companies actively discuss and manage information security risk tolerance? Understanding a company's risk tolerance related to securing information means that the information security department knows the degree to which the company's senior management requires their information be protected against a confidentially leak or data integrity compromise. And using that knowledge, the information security department has put policies and practices ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Is your mobile security strategy combating the wrong enemy?
    ism_0414.png
    E-Zine

    As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too...

  • What's the best focus for MDM strategy now?
    best_focus_for_MDM.png
    E-Handbook

    This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost...

  • Beat the security odds with a cloud risk equation
    ISM_0314.png
    E-Zine

    Despite the enormous concerns around cloud security, many information security professionals remain on the sidelines when it comes to their ...