Managing information risk is a complex business these days, especially when you look at (1) the range of information you need to protect, (2) the breadth of risks you need to mitigate, and (3) the management policies and tools available to today’s IT security professionals to protect that information. However:
“A well-realized information risk management strategy has other benefits [beyond security]: enhanced business agility, competitiveness, efficiency and cost savings.”
In other words, you can’t do without it!!
The problem? According to Deloitte, on
average, only half of the companies surveyed in their annual Global Security and Privacy Survey had formal security
policies or strategies. Not a great foundation on which to build risk management on!
I wrote a recent article in Security Products magazine which confronts these challenges head-on, and provides some tips on navigating the “mind-boggling” task of information risk management.