Please wait while the page is being loaded Skip this advertisement >
Thursday | 4 December, 2008
CIO
Tips for Managing IT Risks
Scott Crawford, a security expert and research director with Enterprise Management Associates, offers his advice for minimizing security risks within IT
Katherine Walsh 20 May, 2008 11:42:32

Understand the risk. IT creates business risk, notes Scott Crawford, a security expert and research director with Enterprise Management Associates. Knowing what those risks are is the first step in managing them. The increasingly prevalent insider threat should be addressed through access control and identity management systems.

Treat IT risk management as a business investment. Aligning IT risks with business requirements will help you allocate the resources you need to manage those risks, Crawford says.

Reevaluate risks regularly. Periodic reevaluation of risks and controls should be part of any business's IT control strategy, not just when a problem occurs. Nevertheless, you should reevaluate your risk management strategies if your controls fail, as they apparently did at Société Générale.

Use the right controls, and make them secure. You can have all the controls in the world, but if they can be easily compromised they won't do you much good. Likewise, if you have the wrong controls, or not enough of them, you're equally ill-equipped to manage risk. Implement the proper controls and grant access to your systems to only the right people, Crawford advises. Then monitor and constantly reevaluate the controls.

Compliance isn't the same as security. Securing your systems and data may make you compliant, but being compliant doesn't necessarily make you secure. If your controls satisfy your regulatory requirements, but don't mitigate risk, then they are not adequate.

More about Enterprise Management Associates
Related Topics
(Management)
(Security)
Additional Resources
Executive Guides
Whitepapers
white paper Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Newsletter Subscription
Sign up for our CIO newsletters!
RSS Feeds
Featured Whitepaper Sponsors
  • White Paper
    Everything you need to know about email and web security (but were afraid to ask)
    What you don’t know can destroy your business. It’s hard to imagine modern business without the internet but in the last few years it has become fraught with danger. Read on to discover how internet security can give your business a competitive advantage.
  • White Paper
    Email Archiving 101—Customer Case Study
    Join Lee Benjamin, a Microsoft Exchange MVP and Ryan Shipkowski, network administrator for Matthews, to discuss the process and ROI of implementing an email archiving solution, with emphasis on a case study from Matthews International.
  • White Paper
    Realizing the Value of Unified Communications
    Discover how the integration of disparate technologies in your company can lead to greater user productivity, improved management, lower costs, higher efficiency, and easier risk mitigation.
Market Place
New webcast | Discover the advantages of an open architecture multi-vendor network solution | View now
Discover why Ubiquitous Mobility is a key future component of Network Architecture | Download Forrester report now
IDC Report | IT Service Management Needs and Adoption Trends | Download now
Learn to use EMC Celerra IP Storage with Vmware Infrastructure 3 over iSCSI and NFS | Download white paper now
Discover best practice strategies for the archival and removal of .PST files using email archiving
IDC Report | Making the Business Case for IT Consolidation | Download now
Understand the Value of Unified Communications | Download white paper now
Level the playing field. Report unlicensed software. $5000 reward. Contact the BSA today.
CRM Webcast: Learn how to find a CRM solution that fits into your existing business environment. Tune in now.
Discover best practice strategies for the archival and removal of .PST files using email archiving
Learn how to prioritize services with IT Service Management (ITSM). Watch the Computerworld webinar now!
 

Smart SOA World Tour

Discover how SOA can create smarter outcomes for your business.

Attend and learn:

  • How SOA is helping leading companies to become more agile
  • Where you should be applying SOA processes in your company
  • The top SOA implementation mistakes to avoid

Click here for more information.
  • +

    CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00

    For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders.
    [ MP3 (7.32 MB) | Windows Media (5.67 MB) ]
  • +

    CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25

    For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders.
    [ MP3 (7.56 MB) | Windows Media (5.14 MB) ]
  • +

    CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00

    Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (4.90 MB) | Windows Media (4.40 MB) ]
  • +

    CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00

    Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (5.89 MB) | Windows Media (4.84 MB) ]
  • +

    CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05

    Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (6.41 MB) | Windows Media (5.13 MB) ]
  • +

    SOA What? Why You Need SOA Governance Framework 04 December, 2008 08:32:00

    Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes.
  • +

    The Myth of Cloud Computing 04 December, 2008 08:25:00

    Why the rapid spread of virtual technology is becoming a security risk
    Why the rapid spread of virtual technology is becoming a security risk.
  • +

    Who Pushed Vendors Toward Better Security? 04 December, 2008 09:38:00

    Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson
    Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson.
  • +

    CPO & CISO: A Comprehensive Approach to Information 04 December, 2008 08:42:00

    GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.
    GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.
  • +

    Virtually every Windows PC at risk, says Secunia 04 December, 2008 08:00:00

    Almost all PCs scanned by patch tool have an unpatched app; 46% have 11-plus.
    More than 98% of Windows computers harbor at least one unpatched application, and nearly half contain 11 or more programs at risk from attack, a Danish security company said Wednesday.
CIO Webcast Innovation #8 - What are the biggest roadblocks to IT's involvement in innovation at your company?
Watch the latest latest edition of CIO Innovation which is now available for download.
Watch the webcast
Sign up to the CIO Innovation update email


CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II
Listen to the latest edition of CIO Live which is now available for download.
Listen to the podcast
Sign up to the CIO Live email
Get a job Careerone
Whitepaper


Read Whitepaper

Enterprise Wireless WLAN Security

Learn more about the security challenges to be faced when defining and implementing security mechanisms within diverse wired and wireless network environments. Download this must-read guide to plan your wireless data protection strategy now.