Closing the gap between IT security risk management and business risk

Date: Jun 21, 2013

Few organizations understand just how wide the gap can be between IT security risk and business risk.

While IT security risk management efforts focus on identifying threats to the IT infrastructure, business risk management is a much broader discipline. It encompasses the many and varied aspects of a business beyond IT, including operational risk in areas like finance, procurement and business development.

"What happens is you have this adversarial or disjointed view of risk understanding," said Tony UcedaVelez, founder and managing partner with application security consultancy VerSprite. "Security practitioners need to understand the businesses they're defending."

In this video, UcedaVelez discusses the importance of translating IT security risk into business risk, and how to do so in a way that emphasizes the potential cost to the business. He also discusses why some IT security risks present more or less business risk than information security practitioners realize, and how to ensure an IT security risk assessment can be used to successfully articulate business risk.
