Closing the IT security risk management gap: 3 Ways to connect IT & the Board
It is generally understood these days that it is impossible to deliver perfect security - indeed it has become the accepted wisdom that security is a ‘managed' risk, there will never be enough time, money or people resources to deliver security perfection. Not only does the technology change all the time, but so does the attack surface and so do the techniques of the attackers, who deploy ever more sophisticated methods to achieve their goal: the high value information or IP that they can turn to their financial or commercial advantage.
Accordingly, organisations audit their processes, people and technology, catalogue risk and data assets, and make spending and resource allocations on the basis - rolling the dice with an eye to the odds. The good news is that pretty much every major UK enterprise - public or private - is on board with the need for audit and proper process. The not so good news is that whilst half of UK plc is quietly confident that the bets have been placed right, and risk has been managed, the other half have quite severe doubts - they know their process is lip-service.
When Computing surveyed readers we found a startling difference between these security haves and the have-nots. Join us, and our expert panel, as we discuss just exactly why some IT teams make the business case successfully and ensure that sufficient budget is granted and that it is invested in the optimum areas - whilst some don't - and what you need to do to turn process into something meaningful that actually delivers improved confidence.
• Stuart Sumner - Editor of Computing
• John Leonard - Research Editor of Computing
• Mark Sparshott - EMEA Director for Proofpoint
• Graham Cluley - Security Analyst, grahamcluley.com
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed