Risk-Based Security Strategies: More Concept Than Reality

Nearly 80 percent of enterprises say they are committed to risk-based security management, but less than half have done anything, Ponemon study says

The vast majority of enterprises believe that a risk-based security strategy is the right way to go, but most of them have not taken any steps to implement such a strategy, according to a study published this week.
According to
The State of Risk-Based Security Management
, a survey conducted by the Ponemon Institute and sponsored by security vendor Tripwire, commitment to risk-based security management (RBSM) is high, but implementation is low.
The study reveals that although more than three-quarters (77 percent) of the organizations in the study claim a significant or very significant commitment to RBSM, their actions do not back up this claim, the study says.
Slightly more than half of respondents (52 percent) report that they have a formal RBSM function, program, or set of activities dedicated to risk-based security management, according to Ponemon. Less than half (46 percent) report that they have deployed any risk management program activities at all. Forty-one percent don’t classify their information according to its importance to the organization.
Among those organizations that do have a formal function, program, or set of activities dedicated to risk management, almost three-quarters (74 percent) have either partially or completely implemented some risk management practices, the study says.
Most organizations are looking to reduce risk by implementing preventive tools and practices, but many do not have tools and practices for detecting threats and compromises once they have penetrated enterprise defenses, Ponemon reports.
It turns out that 80 to 90 percent of the organizations report deploying the majority of the important preventive controls, but only 50 percent report deploying the majority of important detective controls, the survey states.
While many respondents indicated that a lack of resources, skilled personnel, and leadership are barriers to implementing RBSM, Ponemon suggests that the lack of a formal program or strategy is a more significant roadblock.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Risk-Based Security Strategies: More Concept Than Reality