Wednesday, July 02, 2008

Study Cites Risk Management as Key

Risk management is the key to information security, according to the 2008 Information Week Strategic Security Survey.

The idea is to "focus on the value of data and how likely it is to be compromised, rather than on how the compromise might occur." In other words, assess the risk first, then figure out the technical fix second.

Throwing on technical controls willy-nilly without regard to the level of risk doesn't make sense . It can be costly and hinder the business -- ultimately, turning them against the security they really need.

High risk data on laptops, for example, that might leave the office requires stronger controls than, say, an isolated desktop not connected to the Internet with little customer data.


Post a Comment

<< Home