Risk-Based Security Management Needs More Support

By Don Reisinger  |  Posted 07-18-2013

The Numbers Are Sobering: Just 29% of companies currently have a security risk management strategy in place in their organization.

The average company's commitment to risk-based security management is "significant," according to a new study from compliance management company Tripwire. But there's just one problem: The IT side sees the value of risk-based management, but the business side is still perplexed as to why CIOs and other IT executives are so concerned about it. "The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task," says Larry Ponemon, chairman and founder of the Ponemon Institute, which conducted the study on Tripwire's behalf. "Unfortunately, the full value of a risk-based approach to security can only be realized when senior business leaders fully participate in the process." In other words, while companies might be moving in the right direction when it comes to security management, only so much will be accomplished until the business side sees the value of it. Tripwire's findings are based on responses from 1,200 IT professionals.

Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis' Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.

