Risk-Based Security Management Needs More Support
The average company's commitment to risk-based security management is "significant," according to a new study from compliance management company Tripwire. But there's just one problem: The IT side sees the value of risk-based management, but the business side is still perplexed as to why CIOs and other IT executives are so concerned about it. "The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task," says Larry Ponemon, chairman and founder of the Ponemon Institute, which conducted the study on Tripwire's behalf. "Unfortunately, the full value of a risk-based approach to security can only be realized when senior business leaders fully participate in the process." In other words, while companies might be moving in the right direction on security management, until the business side sees the value of it, only so much will be accomplished. Tripwire’s findings are based on responses from 1,200 IT professionals.