PRO+ Premium Content/Information Security magazine

February 2008

Layer8: Applying numbers to risk management

Risk management brings you closer to the business, but you must understand that risk is not a numbers game.

When I started in IT in the late 1980s, the discipline of protecting computers was unambiguously referred to as computer security. In the mid '90s, we had heated discussions over the appropriateness of the term information security. Just a few years ago, most of the vendors that had earlier touted their wares as infosecurity products decided to reposition themselves as being in the compliance business. At about that same time, I caught flak for using this column to suggest security was a risk management function. Now the term du jour is GRC, an unpronounceable acronym standing for governance, risk and compliance. Terminology inflation represents a positive trend in this case. It is indicative of a legitimate broadening of perspective and improved alignment with the business. Security is a specialized task, a narrow focus on a specific set of vulnerabilities that can potentially be exploited by humans. In practice, most ...
