Feature

Editor's Desk: Risk is the new black

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."

Download it now to read this article plus other related content.

Compliance is a straightforward exercise, Parker says. Fines and the threat of imprisonment make compliance a no-brainer objective for security and management.

Diligence, or benchmarking your organization against that of a successful security operation, is a powerful tool to wield with management in order to motivate them to take action. These benchmark tests, Parker says, can be done in confidence with a peer CISO in order to establish a baseline of security success against which your organization is com- pared. "If you want to make sure you are doing as least as well as your competitors are doing in security, here is a list of things you must improve," Parker says.

Finally, enablement happens when security is the competitive differentiator between two services.

Parker believes CISOs would open a wider pipe-line to the top by basing their programs on these three objectives.

"I think that it is difficult to use risk reduction in selling security to top management, because top management is used to dealing with business risks every day," Parker says. "They look at risk assessments provided by CISOs and say 'OK, we've got risks, but we've got risk every day. We'll just let that risk lie there. We have more serious business risks to deal with.'"

Is that happening in your organization? Do you think it is time to reconsider risk? Donn Parker says so, and

    Requires Free Membership to View

that's a pretty big endorsement. I wonder if when it comes time for Information Security's 20th anniversary issue whether we'll look back at his thinking as an inflection point for the coming decade.

This was first published in January 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: