Monitoring And Reporting IT Security Risk In Your Organization

Published: 22/11/2024   Category: security




To implement a risk-based approach to security, you must be able to gauge and report risk. Here are some tips on how to do it right.



[Excerpted from "Monitoring and Reporting IT Security Risk in Your Organization," a new report posted this week on Dark Reading's Risk Management Tech Center.]
One of the chief problems facing organizations serious about risk management is the fact that risk changes constantly. Risks increase, diminish or evolve in scope according to a number of factors, including technology changes, business changes, and organizational strategy and direction changes.
As changes come faster and faster because of increases in the pace of technical innovation and business agility, the overall level of risk for any organization rises. This puts organizations that want to approach risk systematically in a bit of a quandary -- specifically, how can changes to risk level be monitored and reflected in future practices and defenses? What risk monitoring and reporting techniques are timely enough to allow organizations to take action?
You need some way to hone your organization's security data into risk calculations -- to ensure that you're harvesting useful inputs, to ensure that you process input at an interval that makes sense and to ensure that you're reporting on it in a way that executives can use. This isn't always easy.
To start, it's useful to determine what metrics make the most sense in light of the risk assessment methodology you intend to use. To select the values that are most useful for this purpose, it's important to first understand the inputs to the risk management equation individually so you select values that are realistic indicators. You'll need to measure:
* Information about the assets that your organization may use to support the business
* Information about the threats that those assets may encounter in the context of how you will use them
* Vulnerabilities that the assets may have
* Cost and other impacts should these vulnerabilities be exploited
Each piece of information listed here is integral to understanding your overall risk. This means that you'll want to think through what you can evaluate to derive values (that are as meaningful as possible) for each one of these areas.
To get a list of possible metrics that your organization can use to measure risk -- and some ideas on how to report them -- download the free report.