The state of risk-based security management
Posted on 25 June 2013.
A new Ponemon Institute survey covers risk-based security management program governance and maturity and includes 571 U.K. and 749 U.S. respondents from the following areas: IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management.


“The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task,” noted Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Unfortunately, the full value of a risk-based approach to security can only be realized when senior business leaders fully participate in the process.”

Key findings from the survey include:
  • 77% rated their organizations’ commitment to risk-based security management as ‘significant’ or ‘very significant’
  • 86% identified the minimization of non-compliance as a key business objective for risk-based security programs, and 85% identified the protection of intellectual property
  • 59% say that risk-based security management helps align security programs with business objectives.
However:
  • 48% say their organization's approach or strategy for risk-based security management is non-existent or ‘ad-hoc’
  • 61% say that the business has little or no input or involvement in providing risk-based analysis
  • 51% don’t have a risk-based security management program or most program activities have not been deployed
  • Only 27% have a security risk management strategy that is applied consistently across the enterprise.





Copyright 1998-2014 by Help Net Security.