Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
Feature
Tips for Managing IT Risks
Scott Crawford, a security expert and research director with Enterprise Management Associates, offers his advice for minimizing security risks within ITApril 25, 2008 — CIO — Understand the risk. IT creates business risk, notes Scott Crawford, a security expert and research director with Enterprise Management Associates. Knowing what those risks are is the first step in managing them. The increasingly prevalent insider threat should be addressed through access control and identity management systems.
Treat IT risk management as a business investment. Aligning IT risks with business requirements will help you allocate the resources you need to manage those risks, Crawford says.
Reevaluate risks regularly. Periodic reevaluation of risks and controls should be part of any business's IT control strategy, not just when a problem occurs. Nevertheless, you should reevaluate your risk management strategies if your controls fail, as they apparently did at Société Générale.
Use the right controls, and make them secure. You can have all the controls in the world, but if they can be easily compromised they won't do you much good. Likewise, if you have the wrong controls, or not enough of them, you're equally ill-equipped to manage risk. Implement the proper controls and grant access to your systems to only the right people, Crawford advises. Then monitor and constantly reevaluate the controls.
Compliance isn't the same as security. Securing your systems and data may make you compliant, but being compliant doesn't necessarily make you secure. If your controls satisfy your regulatory requirements, but don't mitigate risk, then they are not adequate.
Other stories by Katherine Walsh
© 2008 CXO Media Inc.
Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services
5 Steps to Successful IT Consolidation
Economist Intelligence Unit: "IT Excellence: Achieving Optimized Business Outcomes"
Symantec State of the Data Center Report 2007
Discover whether hosting is your smartest choice for enterprise messaging.
Optimizing Business Outcomes
Five Best Practices to Build an Enterprise Master Data Management Solution
Becoming a Visionary Portfolio Manager: Financial Services and Effective Portolio Management
Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response
Oracle Helps Alltel Save $30 Million Per Year
Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management
Oracle & SUN Team to Rise Above the Upgrade Challenge
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Samsung Puts 128G-Byte SSDs Into Mass Production
Symantec Warns of New Word Attack
VMware Replaces CEO, Shares Plummet
The Internet Gets a Patch, As DNS Bug is Fixed
Groups: Targeted Ad Program May Be Illegal
US Senate Resumes Debate on Surveillance Bill
Google Launches Blog for Sub-Sahara Africa
Adobe Readying New Mashup Tool for Business Users
Celtel Begins Financial Compensation Program
Microsoft Patches Security Bugs in Products
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
