[ news_security_news ]
Managing Risk A Risky Business
David Utter
Staff Writer
2008-02-04
 Security News RSS Feed
Security vendor Symantec looked at IT risk management in its report on trends. Availability proved the key idea for security pros.
Keep our systems safe, but above all keep them available. The mantra of availability became the theme for the IT Risk Management report published by Symantec.
Symantec's research lead Jennie Grimes told SecurityProNews the new trend they spotted in a survey of 405 organizations globally found availability topped the list for importance, followed closely by security for IT risks.
"IT risk practitioners are taking a much broader view of risks," said Grimes. Losing availability of key systems rates as being as equal a risk to a bad Sarbanes-Oxler audit.
Out of the survey group, almost 70 percent expect some kind of minor IT failure to happen 10 times in a year. Looking at those expectations from an industry perspective, healthcare had the most expectations for failure, while insurance had the least.
We found that puzzling, since healthcare and insurance share significant patient overlap. Grimes agreed with us that insurance's longer history of having to follow the financial industry may make insurers less likely to trip an audit.
The telecom industry showed the most improvement in risk management, which Grimes hypothesized could be attributed to them starting with better networks. Mobile telcos in particular improved well.
Process failure, spectacularly evidenced by the SocGen bank fiasco in France, may be the biggest concern for risk managers this year. It should be; the worst performing entities in the survey worsened from the year prior.
Combating this challenge would be a low cost endeavor, according to Grimes. She said training and awareness of security processes should provide a 10 percent increase of productivity.
With executives seeking sustainable and repeatable risk management, they should focus on security first, even though availability may be a more visible issue for them.
When it comes to data loss, 46 percent of the survey expected a serious impact if it should happen to them. Contrast the minor issue of someone finding a login page to tap confidential company info, to finding the actual information.
Businesses may not be doing a good job at mitigating this risk. Endpoint security suffers when employees can take data away on laptops and thumb drives. Only a third of those surveyed have a good idea of what those endpoints might contain.
An annual review of processes and risk management is not enough to keep up with threats and fix issues that need attention. Ongoing processes of training people not to engage in risky behavior may be of some help if done throughout the year.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
