Risk-Based Security Strategies: More Concept Than Reality

Published: 22/11/2024   Category: security




Nearly 80 percent of enterprises say they are committed to risk-based security management, but less than half have done anything, Ponemon study says



The vast majority of enterprises believe that a risk-based security strategy is the right way to go, but most of them have not taken any steps to implement such a strategy, according to a study published this week.
According to The State of Risk-Based Security Management, a survey conducted by the Ponemon Institute and sponsored by security vendor Tripwire, commitment to risk-based security management (RBSM) is high, but implementation is low.
Although more than three-quarters (77 percent) of the organizations in the study claim a significant or very significant commitment to RBSM, their actions do not back up this claim, the study says.
Slightly more than half of respondents (52 percent) report that they have a formal RBSM function, program, or set of activities dedicated to risk-based security management, according to Ponemon. Less than half (46 percent) report that they have deployed any risk management program activities at all. Forty-one percent don’t classify their information according to its importance to the organization.
Among those organizations that do have a formal function, program, or set of activities dedicated to risk management, almost three-quarters (74 percent) have either partially or completely implemented some risk management practices, the study says.
Most organizations are looking to reduce risk by implementing preventive tools and practices, but many do not have tools and practices for detecting threats and compromises once they have penetrated enterprise defenses, Ponemon reports.
It turns out that 80 to 90 percent of the organizations report deploying the majority of the important preventive controls, but only 50 percent report deploying the majority of important detective controls, the survey states.
While many respondents indicated that a lack of resources, skilled personnel, and leadership are barriers to implementing RBSM, Ponemon suggests that the lack of a formal program or strategy is a more significant roadblock.
