Best tips for risk management


An Executive Overview Of Enterprise Security

The cold war was political. It's over. World War III is an economic war. It's here - it's now. Information is where the money is and theft is easy, safe, and lucrative. Eavesdropping and other high-tech related crimes are difficult to enforce and prove. Advancements in electronics and optical electronics have made communications interception easy and cheap. Business ethics don't have the same value as they did in the good old days of the "deck of punch cards" computing.

IT and business security is becoming more and more critical in today's commercial environment. Every day we are faced with new computer risks, viruses and new "ideas" from hackers on how to gain access to our network or other systems or physical locations. Fortunately, there are even more sophisticated business solutions out there that can be implemented to secure us from these dangers. These can be anything from simple firewalls up to very expensive encryption and biometric authentication solutions or remote communication modules. These new business realities affect you as much as they do your competitor - no matter what your line of business. The question is: how can you protect your organization, no matter how large or small, from the known and unknown security dangers and risks to remain as competitive, and therefore profitable, as possible?

What about all the other business risks that are also getting more sophisticated? Have you considered all the risks that cannot be covered by technology? What about the human side of business? No business can function without the human touch. Yet how do you know when that necessary "human touch" is about to reach out and touch you in the form of an "insider" attack? Have you thought about your employees behind the technology? How about social re-engineering forces or disgruntled employees? When did you have your last corporate risk assessment completed, or even considered, if ever?

As a person you are prepared for the unexpected: you face the unexpected several times a day without giving it a second thought. You follow the rules of the road when you drive because you know it is the right thing to do. You purchase insurance for yourself and your car, carry health insurance and life insurance because you know it is the right thing to do for your family. Unfortunately, with many of the business risks of today there is no "red light, green light" to tell us when to stop and when to go. But how can you say you are sorry enough to your customers when you have to tell them some hacker has posted their credit card number on the hacker's web site? When it comes to your organization or business, have you put the same level of consideration into how your employees and customers will continue to rely on you should the unexpected happen?

If you're like the Senior Executive or owner of most companies, the answer may be a frightening "No, we have never had any comprehensive business risk assessment completed." Or worse yet, perhaps you have a false sense of security in a plan that was developed several years ago. With all we hear about how high the price of security can be these days you may find yourself saying, "Investing in a security and privacy solution is expensive; too expensive for our organization or business right now." But can you afford to risk spending more than 15 times the cost of preventing a security breach or a communications breakdown when the unforeseen does in fact happen?

Proactively preparing your business with a comprehensive security assessment and plan is far less expensive. According to David Bauer, first vice president, chief information security and privacy officer at Merrill Lynch, a key component of any strategy is a dynamic risk assessment. By using tools such as scanners, log analysis, risk metrics and asset inventory that produce a biweekly security report, you can more quickly analyze and prioritize current or potential threats. This approach allows organizations to move from a circle-the-wagons approach to intelligent risk management.

With an intelligent risk management solution the percentage of the IT budget that needs to be spent on effective risk protection is actually far less than what your competitors will be forced to spend. The answer is not about how much you spend but how well you spend it. This way about half the spending is advisory, helping build secure systems, while the rest goes toward risk management, prevention and response. For instance, it is easy to get somebody's password, so the damage that can be done by an individual has to be as small as possible. William Farrow, CIO at the Chicago Board of Trade, told how a woman cleaning a conference room became suspicious of a laptop left running overnight. She reported it to security, and it was later discovered that someone had left the laptop running port scanning software aimed at penetrating the corporate computer network. In this case even an employee at the lowest level of the corporate structure was made aware of the potential damage that can be done to the organization with a security breach. In corporate or IT security, emotional reactions, panic and legislation are counterproductive. But intelligent approaches can safeguard your organization or business from an uncertain future and substantial financial losses.

If you ask CEOs of large corporations who have gotten even low-level employees to be savvy about security, you get advice on employee education: "Make it a part of daily conversation in every project meeting. Make it clear that every project has responsibility for security. You have to make it part of day-to-day operations." Adherence to clearly defined security principles should be a part of each employee's contract. It is also important to publicize employee-caused security incidents internally, not necessarily naming the employee who made a mistake, but doing it in a way that others learn from the error. Those organizations or businesses that have evolved a system of process improvement as a natural consequence of their business demands are those organizations or businesses that will excel and win the security wars.

The key difference between companies that have implemented a dynamic security plan and those that have not is preparation. Preparation requires a focus on risk management, intelligence-driven identification, prevention and response. A good organizational or business security strategy is built around these principles: threat management, including intelligence, planning and instant response; comprehensive security services; attention to public policy, including active attempts to educate legislators; and an agile response to the changing risk environment. After all, as we have learned, an intelligent security response needs to be everyone's responsibility, and it is not always technology and IT security that matters the most.


