Using Risk Assessment To Prioritize Security Tasks And Processes

  /     /     /  
Publicated : 22/11/2024   Category : security


Using Risk Assessment To Prioritize Security Tasks And Processes


Prioritizing security tasks based on real risk measurements can be tough. Heres some advice to get you started



[The following is excerpted from Using Risk Assessment to Prioritize Security Tasks and Processes, a new report posted this week on Dark Readings
Risk Management Tech Center
.]
Information security practitioners are in an increasingly difficult position in most enterprises for several reasons. For one thing, changes in how enterprises adopt, deploy and use technology have raised the complexity bar for the environments that practitioners are charged with defending.
For example, virtualization, cloud and mobile technologies have expanded the footprint of technology in the enterprise -- and along with it the security practitioners scope of responsibility. At the same time, the number of compromise methods is increasing: Attackers have become more sophisticated, there are more of them, and they espouse a variety of motivations.
Given all of this, its clear why the remit of security practitioners is more challenging than it used to be. But despite the rise in environmental complexity, spending is relatively stagnant. For example, the most recent Global State of Information Security Survey from PricewaterhouseCoopers shows that fewer than half of the organizations surveyed expect information security budgets to increase. This is why prioritization is so important in a security context -- not only does security investment need to stretch further, theres less room for error when the stretching occurs.
This question of prioritization then becomes one of the key elements (not to mention benefits) of formalized risk management techniques. For organizations that arent using formalized risk management methods, prioritization is an acutely felt pain point.
But even for organizations that have employed these techniques, technical prioritization often requires further analysis in order for them to be effectively put into practice. In other words, risk management efforts performed at a high level might fail to take into account the specifics of the technical environment, leaving room for interpretation or further prioritization down the line.
In any case, the art of prioritization can help enterprises master the science of security. In this Dark Reading report, we recommend how to adapt elements of risk management that address prioritization in mitigation efforts for use at the technical level. This technique isnt always easy -- and organizations must have some prerequisites in place in order to leverage it fully -- but it is a necessity for security to perform optimally. Its no longer possible to defend everything equally, so focusing on specific, strategic areas of concern is a must.
At a high level, the risk management process can be thought of as iterative, encompassing a number of key steps. These include:
• Identify: The process of determining the possible risks that a given organization might have
• Assess: Determining the degree to which the organization is susceptible
• Mitigate: The process of treating risks -- for example, by avoiding, remediating, transferring or accepting the risk (that is, determining that the risk cannot be practically or practicably offset)
• Monitor: Keeping track of the risk over time to ensure that it doesnt increase, to determine if its exploited and to inform future decision-making if its obviated.
To learn more about the process of risk assessment -- and how to translate the results into a prioritized action list --
download the free report
.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Using Risk Assessment To Prioritize Security Tasks And Processes