Federal agencies improve security, FISMA report says
Federal agencies improve security, FISMA report says

This month we look at risk and policy management. It is quite proper that these two product types would fall into the same group. One cannot manage risk without policy, and applying policies uniformly across the enterprise can be a daunting task. But it need not be if we look at the products in this month's collection.

The old process of assessing risk, creating policies, applying policies and monitoring/managing risk through policy management takes on new dimensions when we talk about very large enterprises. The act of keeping everything patched properly and currently is, by itself, a huge challenge. And, by the way, that “old” process is still as good today as it was in years and decades past. The fundamentals don't change – only their application alters with time and complexity of systems.

As systems become larger and more complex, our task becomes more difficult. This year, we note that we have a far larger field from which to select products. In years past, risk and policy management was left to the giants, and their customers were pretty giant as well. Currently, we have a very large batch and we can see that we are moving in the direction of risk and policy management for all, no matter what size the organization is.

Too, today's risks are different from the old risks, but the same risk management process still applies. The only differences today are that the risks can be greater, the vulnerabilities are coming at us faster and the process of managing risk has become equally complex. Note that I said the process is more complex – not that it is different. We still need to do the same things. However, now we need to do more of it and do it faster. 

So, we'll take a nice deep dive into risk and policy management and we'll see how the market is reshaping itself as threats become more universal. To do that we welcome back two of our veteran reviewers, Mike Lipinski and Mike Stephenson. As in years past they have split this product group down the middle with one taking risk and the other taking policy. We appreciate the return of our old pros, even if only for a review or two. So welcome back, Mike2!