Risk-Based Security Management Needs More Support

By Don Reisinger  |  Posted 07-18-2013

Little or No Business Involvement: Sixty-two percent of IT professionals report that the business side in their organizations has little or no involvement in assessing corporate security risk.

The average company's commitment to risk-based security management is "significant," according to a new study from compliance management company Tripwire. But there's just one problem: The IT side sees the value of risk-based management, but the business side is still perplexed about why CIOs and other IT executives are so concerned about it. "The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task," says Larry Ponemon, chairman and founder of the Ponemon Institute, which conducted the study on Tripwire's behalf. "Unfortunately, the full value of a risk-based approach to security can only be realized when senior business leaders fully participate in the process." In other words, while companies might be moving in the right direction when it comes to security management, only so much will be accomplished until the business side sees the value of it. Tripwire's findings are based on responses from 1,200 IT professionals.

Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis' Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.

