<img alt="dcsimg" id="dcsimg" width="1" height="1" src="//www.qsstats.com/dcsuuvfw300000gkyg9tnx0uc_3f7v/njs.gif?dcsuri=/index.php/security/slideshows/risk-based-security-management-needs-more-support-05&amp;WT.js=No&amp;WT.tv=10.4.1&amp;dcssip=www.cioinsight.com&amp;WT.qs_dlk=XElrP1Zi2hc63yPNSPzxLQAAABQ&amp;">

Risk-Based Security Management Needs More Support

By Don Reisinger  |  Posted 07-18-2013 Print

The average company's commitment to risk-based security management is "significant," according to a new study from compliance management company Tripwire. But there's just one problem: The IT side sees the value of risk-based management, but the business side is still perplexed why CIOs and other IT executives are so concerned about it. "The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task," says Larry Ponemon, chairman and founder of the Ponemon Institute, which conducted the study on Tripwire's behalf. "Unfortunately, the full value of a risk-based approach to security can only be realized when senior business leaders fully participate in the process." In other words, while companies might be moving in the right direction as it relates to security management, until the business side sees both the value of it, only so much will be accomplished. Tripwire’s findings are based on responses from 1,200 IT professionals.


A Lack of Strategic Planning  Unfortunately, 46% of IT professionals say that, despite their best efforts, they've been unable to get their organization to adopt a risk-based security management strategy.


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.