Premium Content

Access "Layer8: Is risk management for real?"

Published: 24 Oct 2012

Is risk management just a trendy term in information security or is it here to stay? Is security a risk management task? Is it even compatible with risk management? It's surprising how contentious these questions can be. Perhaps even more surprising is that talented and experienced people on both sides of this argument are unaware that so many others have a diametrically opposed opinion. So what's the answer? Certainly, security must have something to do with risk. The classic formulation, Threat x Vulnerability = Risk, is one that skilled practitioners admit expresses some truth, and we typically speak in terms of doing risk "assessments." There is no doubt that dealing explicitly with risk is an integral part of security. So why not characterize this as "risk management?" For one thing, it brings a lot of baggage with it. If it wasn't a buzzword before, all the hype associated with compliance has made it one. If it wasn't bad enough that we allowed some spin doctor to replace the perfectly serviceable and accurate "computer security" with something ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside


More Premium Content Accessible For Free