Risk-Based Security Management Needs Improvement

By Don Reisinger  |  Posted 08-26-2013

How do you judge the effectiveness of your security response? It's a question that risk-based security management company Tripwire, along with research firm Ponemon Institute, asked 1,320 IT professionals in a recent survey. One thing is abundantly clear in Tripwire’s The State of Risk-Based Security Management study: IT professionals are still too heavily focused on responsive metrics rather than proactive metrics.

"In light of the maturity curve in deployment of risk-based security management, it's not surprising that the majority of organizations are not using metrics oriented toward higher order outcomes," says Larry Ponemon, chairman and founder of the Ponemon Institute. "Respondents are still focused primarily on operational aspects. And, while many executives are focused on more visible outcomes, like reduction in data breaches, very few organizations are tracking more proactive metrics."

In other words, companies are not doing enough to safeguard themselves from potential security issues. Granted, that behavior could be due to the fact that budgets and time are short, but it's important to respond quickly and efficiently to security troubles. And on that front, due diligence before security issues occur is just as important as after they surface.

Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis' Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.

