Strategic CIO // Executive Insights & Innovation
Commentary
7/1/2008
06:01 PM
Chris Murphy
Chris Murphy
Commentary
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Risk Assessments In Information Security

When I read a book like Against The Gods: The Remarkable Story Of Risk, my wife sees it as proof of just how hopelessly boring I am. But it's actually a lively book, exploring how the understanding and quantifying of risk became a foundation for decision making in business and other disciplines. Which makes it's a good read for anyone responsible for information security strategy or implementation.

When I read a book like Against The Gods: The Remarkable Story Of Risk, my wife sees it as proof of just how hopelessly boring I am. But it's actually a lively book, exploring how the understanding and quantifying of risk became a foundation for decision making in business and other disciplines. Which makes it's a good read for anyone responsible for information security strategy or implementation.We publish our annual information security survey this week, and, in analyzing the results, InformationWeek's Mike Fratto lays out a powerful case for why risk assessments must lie at the heart of security strategy. Anything else is wasting money, and probably not delivering the security that companies want.

Here's a taste from our exclusive research. Despite steady or increasing spending, only a third of IT security pros say they've reduced the risk of security breaches at their companies in the past year. Seven out of 10 companies use risk assessments for security, though just 41% of those use them to strategically drive budgets and planning. The risk assessment initiative is being driven in equal numbers by the CEO and the CIO. And of those with such initiatives, more than two-thirds think it will save the company money.

And, hey, there's nothing boring about saving money, right? Let us know how well companies are using risk management to drive IT security decisions.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Tech Digest Oct. 27, 2014
To meet obligations -- and avoid accusations of cover-up and incompetence -- federal agencies must get serious about digitizing records.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.