At your own risk…

Editorial Type: Industry Focus     Date: 01-2014












Keeping business systems safe and protecting your data has never been more difficult to achieve. And it is only likely to become harder. Getting the right risk management strategy in place is critical.

Embracing an appropriate information risk management strategy within your organisation can, if implemented appropriately, lead to significant advantages, according to John Hetherton, senior consultant at Espion. These include:

• Accurate prioritisation of resources to implement controls, reduce risks and maximise business benefits
• Reducing the likelihood and impacts of a risk to an acceptable level
• Being adequately prepared to manage incidents when they do occur
• Increased oversight of risk from internal and external threat sources.

"These advantages may result in reduced downtime, increased services and profitability levels, which often justify the spend associated with introducing an information risk management program. When establishing objectives for an information risk management program, it is important to ensure that the objectives align with those of the organisation's strategy and that the risk management program is integrated into the culture of the organisation, as opposed to running autonomously or as an afterthought to an existing process."

To this end, Hetherton says, before adopting a risk management strategy, it is important to understand the most critical processes within the organisation; what information and systems those processes rely on, and the nature of the internal and external factors that may impact those processes. "Generally, the most important processes within an organisation are those that facilitate revenue generation and regulatory and legal requirements, which, if not met, may result in the cessation of business.

INFLUENCING FACTORS
"The internal and external context of an organisation must also be well understood, generally by means of conducting assessments on internal and external factors that may influence the organisation's approach to risk." Factors to be considered include the mission and main activities of the organisation; the cultural, economic, legal and regulatory nature of the operating environment; perceptions and brand; governance and organisational policies; and organisational capabilities to manage security.

There are many frameworks, such as ISO 27005, that can be tailored to account for the nature of any business and its operating environment and, crucially, that prioritise protecting critical business processes, and those systems and information that facilitate the critical business processes, he adds.

"For instance, if your organisation is required by service level agreements to maintain availability of 99.9%, prioritisation of resources should be allocated to ensure that multiple redundant network links and hot sites are available that facilitate meeting the contractual requirements."

TOOLS FOR ALL BUDGETS
As the activities of different organisations vary dramatically, it can often be difficult for an organisation to obtain a holistic view of information risk, Hetherton points out. "To ease the burden of risk management, a number of tools have been developed to suit almost every budget. Costs vary for risk management tools, ranging from hundreds of thousands of pounds for some enterprise-level platforms to hundreds of dollars for basic entry-level risk management platforms. Generally, the cost of risk management tools increases, based on the types and number of information sources that are correlated in order to show the holistic risk view.

"Independent of the tools used, in order for risk management to be effective, the culture of risk management must be adopted across the organisation, with a consistent approach being pushed from the top down."

TOUGH TASK
Keeping business systems safe and protecting the data that they hold has never been more difficult to achieve, points out global analyst firm Ovum. It is a commitment that continues to be threatened by security attacks ranging from opportunistic hackers using pre-built tools through to targeted, well-resourced, state-sponsored cyber activity.


