Pro+ Content/Information Security magazine

February 2007

Layer8: Is risk management for real?

Is risk management just a trendy term in information security or is it here to stay? Is security a risk management task? Is it even compatible with risk management? It's surprising how contentious these questions can be. Perhaps even more surprising is that talented and experienced people on both sides of this argument are unaware that so many others have a diametrically opposed opinion. So what's the answer? Certainly, security must have something to do with risk. The classic formulation, Threat x Vulnerability = Risk, is one that skilled practitioners admit expresses some truth, and we typically speak in terms of doing risk "assessments." There is no doubt that dealing explicitly with risk is an integral part of security. So why not characterize this as "risk management?" For one thing, it brings a lot of baggage with it. If it wasn't a buzzword before, all the hype associated with compliance has made it one. If it wasn't bad enough that we allowed some spin doctor to replace the perfectly serviceable and accurate "computer ...
