Site icon Information Security Buzz

Doing More Than Paying Risk Management Lip Service

is68

While the majority of CISOs may profess a commitment to managing security based on risk management principles, the truth about how they execute on those principles may be a lot more imperfect.

The unfortunate reality, say experts, is that many organizations simply pay risk management lip service, but aren’t really making security decisions based on risk management metrics.

“It’s easy to commit to concepts, but execution depends on something more concrete,” says Tim Erlin, director of IT risk and security strategy for Tripwire. “While the idea of managing information security in alignment with business risks is attractive, there’s not a lot of guidance or best practice information to inform execution.”

SOURCE: darkreading.com

About the Author

Exit mobile version