• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Compliance & Regulations   »   Risk management plans important to business livelihood

Risk management plans important to business livelihood

  • Posted on:August 7, 2012
  • Posted in:Compliance & Regulations
  • Posted by:
    Trend Micro
0

The business world is constantly evolving and the evolution of IT is driving companies to adopt new technologies at an extremely fast pace. During the era of innovation, vulnerabilities and threats grow at an alarming rate, posing problems for any organization that fails to take the proper steps in deterring these concerns.

According to a new guide by InformationWeek Reports, business executives and decision-makers need to establish risk management policies that evaluate and assess the evolving IT landscape. This is no easy task as cloud computing, social media, BYOD (bring your own device) and other trends and technologies continue to disrupt the enterprise. The guide suggests organizations accumulate a high level of understanding associated with IT issues, maintain confidentiality over mission-critical solutions and ensure the availability of applications and data.

Risk management definitions and evaluations

InformationWeek Reports characterizes a threat as something that can cause harm to the organization, while a vulnerability is a weakness that can be exploited by a threat. These subjects are related and evenly contribute to the growing risk landscape.

"It should be made clear at this point that every organization has to live with threats; you cannot eliminate the threat of either lightning strikes or malicious cyber or even physical attacks," author Michael Cobb wrote. "The first task, then, is to identify all the threats to your assets in the scope of the risk assessment."

Decision-makers should classify concerns based on an asset's confidentiality, availability and integrity and how a threat poses challenge to one of these categories. Most companies are able to develop robust physical security policies because of the quantifiable information accumulated on break-ins, vandalism and other incidents. IT security, on the other hand, is much harder to measure, as decision-makers need to balance what is happening while taking into account what is not happening, InformationWeek Reports noted. For example, if an organization has a mobile website that has not been breached, that does not mean it is impenetrable, as there are still potential threats lingering in the shadows.

The guide recommends companies evaluate risks based on one of five categories – negligible, low, medium, high and extreme – based on how likely a risk can exploit sensitive information and solutions. Risk levels should then be compared to specific impact values, which rank threats in accordance to how damaging they can be to an organization and its IT systems.

Threats and data protection tools

Malicious insiders, in particular, pose a major data security risk to an organization. According to a recent TechAmerica study, the growing, unabated presence of internal threats is causing many organizations to question their cybersecurity capabilities.

"Most major data breaches have come from insider, yet most of our resources are directed at outsider threats," one CIO told TechAmerica.

InformationWeek Reports noted that encryption is an important data protection tool, as roughly 48 percent of businesses say it is the most effective way to deter internal and external threats. By taking a data-centric approach to security, organizations can safeguard mission-critical information, regardless of its location.

"Although you cannot eliminate threats, you can reduce the number of vulnerabilities that can be exploited and the likelihood of them being exploited as a way of managing your risk," Cobb stated in the guide. "This is achieved through the implementation of security controls."

As the IT landscape continues to evolve, it will be important for decision-makers and IT departments to do all they can to mitigate risk. By deploying data protection tools and training employees on the importance of these solutions, companies may be able to keep sensitive applications and information safe. Failing to educate workers or implement robust risk management policies can prove fatal for an organization.

Data Security News from SimplySecurity.com by Trend Micro

Related posts:

  1. Decision-makers need to find correct approach to risk management
  2. Report: Risk-based security management programs essential for data protection
  3. Risk analysis important for proactive data security
  4. Applying Lean to Information Risk Management

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.