
Report: Risk-based security management programs essential for data protection

  • Posted on: October 10, 2012
  • Posted in: Privacy & Policy
  • Posted by: Trend Micro

As the IT landscape evolves, companies are leveraging new tools and solutions in an effort to enhance mobility and productivity. In doing so, organizations may be able to gain a competitive advantage over rival firms, which will be important in the increasingly competitive private sector.

While the era of innovation can help companies boost efficiency, the growing adoption of cloud computing, virtualization and mobile trends also raises the potential for breaches caused by vulnerabilities. As a result, it is important that decision-makers incorporate risk into their daily operations to mitigate concerns associated with the IT landscape.

According to a new global study by the Ponemon Institute, however, many organizations in the U.K. are taking the wrong approach to risk-based security management (RBSM).

Deploying the wrong metrics will yield irrelevant strategies

The report found that the majority of U.K. companies evaluate RBSM programs on cost. While reducing expenses is important in today's struggling economy, it should not be the primary focus for data security initiatives.

The Ponemon Institute noted that following cost metrics can encourage the wrong behavior in a business as decision-makers will look for the least expensive solutions to protect mission-critical information and applications. In many cases, these tools are not as effective as more expensive services, resulting in a false sense of security and increasing the number of infrastructure vulnerabilities.

Instead of focusing on price, decision-makers must base their programs on the quality of controls used to safeguard valuable resources. If companies neglect to use the right metrics, it will be impossible for them to establish how well they are protecting solutions.

RBSM is necessary in today's business world

Companies need to maintain a strong commitment to RBSM programs and follow through on initiatives. The survey noted that approximately 72 percent of U.K. organizations say they are committed to RBSM, yet more than 50 percent have not implemented a formal policy, according to the Ponemon Institute. Among the businesses that do have strategies in place, many are taking the wrong approach.

The report noted that many U.K. firms are implementing robust preventative controls, which enhance data protection by limiting unauthorized access to mission-critical assets. While this is important, too many companies are neglecting to deploy detection solutions. As a result, an organization is only as strong as the tools used to safeguard resources because IT departments will not be able to identify or monitor virtual environments.

By taking a balanced approach to RBSM, companies will be able to prevent and detect anomalies more effectively and strengthen overall security.

"We believe risk-based security management will transform organizations' approach to protecting critical information assets and technologies from one that is reactive to proactive," Ponemon Institute founder Larry Ponemon said.

Insider threat evaluations differ between countries

The report noted that nearly three-quarters of businesses in the United States claim malicious insiders are a serious threat to IT security. In the U.K., however, only 49 percent of organizations feel insiders pose a danger to mission-critical assets.

It is imperative that companies do not downplay any potential threat, especially insiders. Decision-makers need to protect the "crown jewels" of the organization first and learn from past mistakes, a separate InformationWeek report said.

"If you experience an attack, you're not alone, but learn from it," Dawn Cappelli, the technical manager at Carnegie Mellon University's CERT insider threat center, said, according to InformationWeek.

Risk management programs should also include employee training sessions that teach individuals how to properly use new solutions.

By following through with a risk-based security management program, companies can mitigate concerns associated with insiders and new technologies. As a result, organizations can embrace innovative trends without the concern of exposing sensitive data and systems.

Data Security News from SimplySecurity.com by Trend Micro
