informa
/
1 MIN READ
Commentary

Risk Assessments In Information Security

When I read a book like Against The Gods: The Remarkable Story Of Risk, my wife sees it as proof of just how hopelessly boring I am. But it's actually a lively book, exploring how the understanding and quantifying of risk became a foundation for decision making in business and other disciplines. Which makes it's a good read for anyone responsible for information security strategy or implementation.
When I read a book like Against The Gods: The Remarkable Story Of Risk, my wife sees it as proof of just how hopelessly boring I am. But it's actually a lively book, exploring how the understanding and quantifying of risk became a foundation for decision making in business and other disciplines. Which makes it's a good read for anyone responsible for information security strategy or implementation.We publish our annual information security survey this week, and, in analyzing the results, InformationWeek's Mike Fratto lays out a powerful case for why risk assessments must lie at the heart of security strategy. Anything else is wasting money, and probably not delivering the security that companies want.

Here's a taste from our exclusive research. Despite steady or increasing spending, only a third of IT security pros say they've reduced the risk of security breaches at their companies in the past year. Seven out of 10 companies use risk assessments for security, though just 41% of those use them to strategically drive budgets and planning. The risk assessment initiative is being driven in equal numbers by the CEO and the CIO. And of those with such initiatives, more than two-thirds think it will save the company money.

And, hey, there's nothing boring about saving money, right? Let us know how well companies are using risk management to drive IT security decisions.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing