This section explores the role IT security professionals play in working with management to conduct risk assessments on systems and processes in the enterprise. The section aims to showcase some best practices in communicating with upper management. It explores how companies are adjusting to the emergence of cloud computing and how regulatory compliance issues affect the risk profile of enterprises.
In this part:
Developing a risk management strategy
Developing IT risk management decision-making criteria an ongoing challenge
Ask ten information security managers how they define and manage risk, and you’ll get at least ten distinctly different answers. Many firms have their own unique ways of factoring risk into decision making, utilizing everything from detailed industry standards to informal spreadsheets.
But experts agree that effective information security risk management processes take time to develop, with even the most mature organizations constantly searching for the best way to come to grips with rapid changes in the threat landscape and the effect they have on the security of their products and services.
Learn how security pros are using multiple IT risk management frameworks to factor risk into their strategy decisions.
Security risk assessment
Six steps to a great information risk assessment report
Reporting the results of a risk assessment can be tricky. One wrong step can dilute all your hard work. Here are six steps in the right direction.
Cloud risk management
CSA on its Cloud Controls Matrix
The Cloud Security Alliance recently released Version 2.1 of its Cloud Controls Matrix (CCM), a baseline set of controls aligned to the CSA guidance and mapped to industry standards, regulations and frameworks, such as ISO 27001/27002, PCI DSS, HIPAA and COBIT.
Learn about the Cloud Controls Matrix and how organizations can leverage it for cloud risk management.
Having an information governance framework matters
A recent increase in privacy litigation proves that UK companies, too, need e-discovery and data governance plans. Read about E-Discovery laws.
Financial services regulations
UK banks bracing for new financial services regulations compliance
The financial services industry has always been heavily regulated, but since the economic meltdown of 2008, regulations have been added in an attempt to stop such an event from occurring again.
At a recent Gartner conference, Juergen Weiss, a research director for the firm, listed the top five financial services regulations that banks should expect to deal with in coming years.