Use risk management for reasonable information asset protection

Tom Olzak — Mon, 19 Feb 2007 16:08:58 +0000

Selecting the right security controls can be a daunting task. By applying the principles of risk management, however, security managers can meet the challenge with confidence.

Read the article

Transfer risk when mitigation costs are too high

Tom Olzak — Fri, 16 Feb 2007 15:15:19 +0000

According to security best practices, there are four things you can do when risk to an information asset is identified and business impact assessed. You can reject/ignore the risk. This is not a smart move in most cases. You can mitigate the risk to an acceptable level. You can accept the risk. And finally, you can transfer the risk. Transferring risk usually takes the form of purchasing insurance to soften the impact of a security incident. It’s occasionally less expensive to purchase insurance than it is to implement controls to significantly reduce risk.

In a February 15 Dark Reading article, Tim Wilson looks at the benefits and opportunities for security breach protection through the purchase of insurance.

adventuresinsecurity.com Blog » Risk Management

Use risk management for reasonable information asset protection

Transfer risk when mitigation costs are too high