Layer8: Is risk management for real?
This article is part of the February 2007 issue of Tips for navigating the maze of global security regulations
Is risk management just a trendy term in information security or is it here to stay? Is security a risk management task? Is it even compatible with risk management? It's surprising how contentious these questions can be. Perhaps even more surprising is that talented and experienced people on both sides of this argument are unaware that so many others have a diametrically opposed opinion.

So what's the answer? Certainly, security must have something to do with risk. The classic formulation, Threat x Vulnerability = Risk, is one that skilled practitioners admit expresses some truth, and we typically speak in terms of doing risk "assessments." There is no doubt that dealing explicitly with risk is an integral part of security.

So why not characterize this as "risk management?" For one thing, it brings a lot of baggage with it. If it wasn't a buzzword before, all the hype associated with compliance has made it one. If it wasn't bad enough that we allowed some spin doctor to replace the perfectly serviceable and accurate "computer security" with something ...
Unified threat management: Fortinet's FortiGate 3600A
Fortinet's FortiGate 3600A
Unencrypted data at rest is data at peril.
New tools target ISPs to stop botnets
Security vendors are bringing the botnet fight to ISPs and carriers.
Intrusion Prevention: Juniper Networks' ISG 2000 with IDP
Juniper Networks' ISG 2000 with IDP
Endpoint Security: ScriptLogic's Desktop Authority 7.5
ScriptLogic's Desktop Authority 7.5
- At Your Service: February 2007 managed security services news
- Events: Information security conferences for February 2007
Security system products latest releases: ArcSight, Finjan, Sophos
Get information on price, features, protection and support for the most recently released versions of security products, such as ArcSight Logger and Sophos Security Suite.
Vulnerability scanning review: PatchLink's PatchLink Update 6.3
PatchLink's PatchLink Update 6.3
IPS by the Numbers
Choosing the right intrusion prevention technologies and products is a complex task, but following these six steps will make it simpler.
Information security blueprint for architecture and systems
A formalized security architecture diagrams how you should handle the changing threat and regulatory environments.
HIPAA privacy records and guidelines: How to achieve compliance
Learn how to achieve compliance with HIPAA certification and learn to avoid and fix risks with password security, privacy regulations, records, guidelines.
Cyber-Ark Enterprise Password Vault 4.0 product review
by Tom Bowers, Contributor
Product review of Cyber-Ark Enterprise Password Vault, a password management and security tool that manages passwords and controls privileged accounts.
Organizations sending data abroad must be prepared to comply with a slew of privacy and security regulations.