At your own risk…

Editorial Type: Industry Focus
Date: 01-2014
Key Topics: Security, Risk management, Cybercrime, Security as a Service, Cloud, Big Data
Key Companies: SureCloud, Ovum, Espion
Key Industries: Government
Keeping business systems safe and protecting your data has never been more difficult to achieve. And it is only likely to become harder. Getting the right risk management strategy in place is critical.

Embracing an appropriate information risk management strategy within your organisation can, if implemented appropriately, lead to significant advantages, according to John Hetherton, senior consultant at Espion. These include:

• Accurate prioritisation of resources to implement controls, reduce risks and maximise business benefits

"These advantages may result in reduced downtime, increased services and profitability levels, which often justify the spend associated with introducing an information risk management program. When establishing objectives for an information risk management program, it is important to ensure that the objectives align with those of the organisation's strategy and that the risk management program is integrated into the culture of the organisation, as opposed to running autonomously or as an afterthought to an existing process."

To this end, Hetherton says, before adopting a risk management strategy, it is important to understand the most critical processes within the organisation, what information and systems those processes rely on, and the nature of the internal and external factors that may impact those processes. "Generally, the most important processes within an organisation are those that facilitate revenue generation and regulatory and legal requirements, which, if not met, may result in the cessation of business.

INFLUENCING FACTORS

There are many frameworks, such as ISO 27005, that can be tailored to account for the nature of any business and its operating environment and, crucially, that prioritise protecting critical business processes and the systems and information that facilitate them, he adds. "For instance, if your organisation is required by service level agreements to maintain availability of 99.9%, prioritisation of resources should be allocated to ensure that multiple redundant network links and hot sites are available that facilitate meeting the contractual requirements."

TOOLS FOR ALL BUDGETS

"Independent of the tools used, in order for risk management to be effective, the culture of risk management must be adopted across the organisation, with a consistent approach being pushed from the top down."

TOUGH TASK