Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Tips for Managing IT Risks

Scott Crawford, a security expert and research director with Enterprise Management Associates, offers his advice for minimizing security risks within IT

Understand the risk. IT creates business risk, notes Scott Crawford, a security expert and research director with Enterprise Management Associates. Knowing what those risks are is the first step in managing them. The increasingly prevalent insider threat should be addressed through access control and identity management systems.

Treat IT risk management as a business investment. Aligning IT risks with business requirements will help you allocate the resources you need to manage those risks, Crawford says.

Reevaluate risks regularly. Periodic reevaluation of risks and controls should be part of any business's IT control strategy, not just when a problem occurs. Nevertheless, you should reevaluate your risk management strategies if your controls fail, as they apparently did at Société Générale.

Use the right controls, and make them secure. You can have all the controls in the world, but if they can be easily compromised they won't do you much good. Likewise, if you have the wrong controls, or not enough of them, you're equally ill-equipped to manage risk. Implement the proper controls and grant access to your systems to only the right people, Crawford advises. Then monitor and constantly reevaluate the controls.

Compliance isn't the same as security. Securing your systems and data may make you compliant, but being compliant doesn't necessarily make you secure. If your controls satisfy your regulatory requirements, but don't mitigate risk, then they are not adequate.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Enterprise Management Associates

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Consolidated Storage for Virtualised Server Environments
    This research brief is based on a recent Tech Target survey with more than 200 storage administrators and IT professionals in mid-sized and enterprise-class companies, and focuses on how these decision-makers view the storage-related challenges that result from server virtualisation. See the results.
    Learn more »
  • Case Study: Danske Bank Group improves efficiency and reduces time to market
    Danske Bank Group wanted to deliver new services faster. It sought to reduce time to market from approximately 14 months to nine months and increase IT development efficiency by 10 percent. Find out more.
    Learn more »
  • Look both ways - Protecting your data with content inspection
    Today’s threat environment is as dynamic as the business world in which we operate. As the communications channels we use continue to proliferate and evolve, so too have the vulnerabilities. Finding the right balance between ensuring the security of sensitive data, enabling the free flow of information and making full use of the latest web-based technologies can be a challenge. Deep content inspection is a vital layer in any unified information security strategy, helping organisations to take control over their information assets while proactively protecting against malware and data leakage. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.