Doing More Than Paying Risk Management Lip Service
How well does your organization execute on its 'commitment' to guiding security practices through risk management?
"It's easy to commit to concepts, but execution depends on something more concrete," says Tim Erlin, director of IT risk and security strategy for Tripwire. "While the idea of managing information security in alignment with business risks is attractive, there's not a lot of guidance or best practice information to inform execution."
A study out last week sponsored by Tripwire and conducted by the Ponemon institute found that while 81 percent of security and risk professionals in the U.S. said their organizations have a significant commitment to risk-based security management, less than 30 percent actually have a formal risk strategy that is applied across the enterprise. Read full story on Dark Reading
Post a comment to the original version of this story on Dark Reading