New risks must be valued

Share this article:
New risks must be valued
New risks must be valued

IT trends –cloud, social networking and BYOD – are making the practice of security management complex, and are forcing organizations to shift to a risk-management perspective.

The purpose of risk management is to better enable smarter decisions. Good risk management must underpin all security strategy, and yet it is often overlooked in the pressure to “do something.” Communicating risk to senior stakeholders is challenging, and vague categories of “high, medium, low” risk can undermine, rather than support, security programs. 

Today's security teams cannot be seduced by the “sexy” aspects of risk. Worrying about APTs may get you a meeting with the board, but failures in the basics of patch management, protection against SQL injection, privileged user monitoring and the like, will be the cause of breaches and negative publicity that undermine corporate reputations.

Getting a handle on the basics is difficult today. While adopting cloud or BYOD can have a great impact on IT costs, employee productivity and even worker morale, there is little to nothing in the way of data to understand what the risks are, let alone how serious they may be. 

There are a lot of vested interests in both talking up and playing down the risks of all of these industry trends, making the problems to risk management that much harder to overcome. So, organizations are left to puzzle out the right approach. Businesses, IT organizations, vendors and industry bodies need to be both open and collaborative in the way we build risk management capabilities. Failure to do so will damage the ability of businesses to be competitive, for government agencies to serve their constituents and for IT vendors to retain the trust of their customers. And those are the real risks.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Beware of the malware walking dead

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

Next-generation malware: Think like the enemy and avoid ...

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.