Archive for the ‘Risk Management’ Category

Use risk management for reasonable information asset protection

Monday, February 19th, 2007

Selecting the right security controls can be a daunting task.  By applying the principles of risk management, however, security managers can meet the challenge with confidence.

Transfer risk when mitigation costs are too high

Friday, February 16th, 2007

According to security best practices, there are four things you can do once a risk to an information asset has been identified and its business impact assessed. You can reject or ignore the risk, which is not a smart move in most cases. You can mitigate the risk to an acceptable level. You can accept the risk. And finally, you can transfer the risk. Transferring risk usually takes the form of purchasing insurance to soften the impact of a security incident. It’s occasionally less expensive to purchase insurance than it is to implement controls to significantly reduce risk.

In a February 15 Dark Reading article, Tim Wilson looks at the benefits and opportunities for security breach protection through the purchase of insurance.