Risk Assessments In Information Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // CIO Insights & Innovation
Commentary
7/1/2008
06:01 PM
Chris Murphy
Chris Murphy
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Risk Assessments In Information Security

When I read a book like Against The Gods: The Remarkable Story Of Risk, my wife sees it as proof of just how hopelessly boring I am. But it's actually a lively book, exploring how the understanding and quantifying of risk became a foundation for decision making in business and other disciplines. Which makes it's a good read for anyone responsible for information security strategy or implementation.

When I read a book like Against The Gods: The Remarkable Story Of Risk, my wife sees it as proof of just how hopelessly boring I am. But it's actually a lively book, exploring how the understanding and quantifying of risk became a foundation for decision making in business and other disciplines. Which makes it's a good read for anyone responsible for information security strategy or implementation.We publish our annual information security survey this week, and, in analyzing the results, InformationWeek's Mike Fratto lays out a powerful case for why risk assessments must lie at the heart of security strategy. Anything else is wasting money, and probably not delivering the security that companies want.

Here's a taste from our exclusive research. Despite steady or increasing spending, only a third of IT security pros say they've reduced the risk of security breaches at their companies in the past year. Seven out of 10 companies use risk assessments for security, though just 41% of those use them to strategically drive budgets and planning. The risk assessment initiative is being driven in equal numbers by the CEO and the CIO. And of those with such initiatives, more than two-thirds think it will save the company money.

And, hey, there's nothing boring about saving money, right? Let us know how well companies are using risk management to drive IT security decisions.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll