Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

The state of risk-based security management

The Ponemon Institute has published the first results from an extensive survey into the subject of risk-based security management. The survey was sponsored by Tripwire, Inc. The survey respondents included 749 US and 571 UK professionals in the following areas: IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management.

The results of the survey are being released in five parts over the next two months.

The first results published cover the question: “In your opinion, is information security risk management an ‘art’ or ‘science’?” For the purposes of the survey, ‘art’ was defined as analysis and decision-making based on intuition, expertise and a holistic view of the organization. ‘Science’ was defined as risk analysis and decision-making based on objective, quantitative measures.

Overall, 66 percent of IT and enterprise risk managers and 62 percent of business operations respondents answered ‘art’, while 62 percent of IT security and 56 percent of IT operations respondents said ‘science.’

Findings by industry sector included:

  • 58 percent of all respondents in the services sector and 59 percent of overall respondents in the industrial sector said ‘science’
  • 48 percent of all respondents in the healthcare and pharmaceutical sector and 47 percent of all technology and communications respondents answered ‘art.’

“The findings for this question really demonstrate the diversity of opinion on the application of risk-based security management in the enterprise,” noted Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “The majority of organizations surveyed continue to be committed to the values risk-based security management can deliver, but differences of opinion on how to approach the problem complicate the communication and collaboration necessary to derive maximum benefit from it.”

• Date: 11th June 2013 • World • Type: Article • Topic: Enterprise risk management
