Doing More Than Paying Risk Management Lip Service

image

A posting from Dark Reading in there risk management section:  While the majority of CISOs may profess a commitment to managing security based on risk management principles, the truth about how they execute on those principles may be a lot more imperfect. The unfortunate reality, say experts, is that many organizations simply pay risk management lip service, but aren’t really making security decisions based on risk management metrics.
“It’s easy to commit to concepts, but execution depends on something more concrete,” says Tim Erlin, director of IT risk and security strategy for Tripwire. “While the idea of managing information security in alignment with business risks is attractive, there’s not a lot of guidance or best practice information to inform execution.”

To read more click here:

Be the first to comment

Leave a Reply

Your email address will not be published.


*


error: Content is protected !!