Risk Assessments In Information Security

When I read a book like <i>Against The Gods: The Remarkable Story Of Risk</i>, my wife sees it as proof of just how hopelessly boring I am. But it's actually a lively book, exploring how the understanding and quantifying of risk became a foundation for decision making in business and other disciplines. Which makes it's a good read for anyone responsible for information security strategy or implementation.

Chris Murphy, Editor, InformationWeek

July 1, 2008

1 Min Read
InformationWeek logo in a gray background | InformationWeek

When I read a book like Against The Gods: The Remarkable Story Of Risk, my wife sees it as proof of just how hopelessly boring I am. But it's actually a lively book, exploring how the understanding and quantifying of risk became a foundation for decision making in business and other disciplines. Which makes it's a good read for anyone responsible for information security strategy or implementation.We publish our annual information security survey this week, and, in analyzing the results, InformationWeek's Mike Fratto lays out a powerful case for why risk assessments must lie at the heart of security strategy. Anything else is wasting money, and probably not delivering the security that companies want.

Here's a taste from our exclusive research. Despite steady or increasing spending, only a third of IT security pros say they've reduced the risk of security breaches at their companies in the past year. Seven out of 10 companies use risk assessments for security, though just 41% of those use them to strategically drive budgets and planning. The risk assessment initiative is being driven in equal numbers by the CEO and the CIO. And of those with such initiatives, more than two-thirds think it will save the company money.

And, hey, there's nothing boring about saving money, right? Let us know how well companies are using risk management to drive IT security decisions.

About the Author

Chris Murphy

Editor, InformationWeek

Chris Murphy is editor of InformationWeek and co-chair of the InformationWeek Conference. He has been covering technology leadership and CIO strategy issues for InformationWeek since 1999. Before that, he was editor of the Budapest Business Journal, a business newspaper in Hungary; and a daily newspaper reporter in Michigan, where he covered everything from crime to the car industry. Murphy studied economics and journalism at Michigan State University, has an M.B.A. from the University of Virginia, and has passed the Chartered Financial Analyst (CFA) exams.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights