Move from Managing Security to Managing Risk

by Info_Security on 09-13-2011 02:54 PM - last edited on 09-13-2011 02:54 PM

By Jeremy Ward, Security Services Development Lead

 

Managing enterprise security or managing risk – what’s the difference, and why is it important? Well, for starters, the word “security” makes many people unhappy. They often experience it as something that prevents them from doing their job. Security is seen as “gates, guns and guards,” rather than as a way to a more efficient and effective organization.

 

But risk too can be seen as negative, particularly in times of economic hardship, although in fact we all instinctively understand risk. If we didn’t, we wouldn’t be able to cross a street, or even cross a room! Risk management is all about finding the right balance between safety and success. That’s why, where critical information and data are concerned, it’s better to manage risk than to manage security.


In a world with converging use of personal mobile devices at home and at work, where more and more applications and data are being moved to cloud computing, understanding and managing the risk to corporate and personal information is increasingly vital.

 

And with shrinking resources, it is probably not cost-effective to tackle your enterprise security in a piecemeal way, applying tactical solutions as problems arise. In the longer term, you will almost certainly save money and reduce risk more effectively if you stand back and take a strategic, information-centric approach. Most importantly, this means looking at the alignment of your information risk management with your business objectives.

 

By analyzing real business risks and relating them to the maturity of your information security controls, you may find that there are areas where you are overspending, as well as those where more resources are needed.

 

HP Enterprise Security Services offers a day-long workshop to help you find the right risk balance and develop a more efficient and effective organization. Here are five ways the HP Enterprise Security Discovery Workshop can benefit you on your journey to a more secure enterprise:

 

  • Gain insight into the market trends and drivers and how those impact your organization’s current security posture
  • Aid the development of a clear understanding of current security performance versus objectives
  • Help identify priority projects based on business alignment and risk exposure
  • Build and implement a transformation plan
  • Bring your team and key stakeholders together to allow for free-flowing discussions and an opportunity for cross-team collaboration, input and agreement

 

How about you? Are you managing security or risk or both or neither? What obstacles have you encountered along the way?


Comments
by Nadhan on 09-13-2011 09:44 PM

Insightful article on managing risk, Jeremy.  This is even more applicable to Small and Medium Businesses as outlined in the post on Why security best practices are more vital to SMBs than large enterprises

About the Author
  • After graduation from Oxford University, Paul developed laser technology for NASA satellites, before moving into IT Security at Cable & Wireless in 2000, where he led the development of Internet Security Services. In 2005, Paul joined Vistorm, now HP Enterprise Security Services, as a Security Architect, where he is technical lead for mobile device and endpoint security solutions. Paul is CISSP and ITPC certified, is a CLAS consultant and M.Inst.ISP. He has recently completed the MSc Information Security at Royal Holloway, University of London.
  • A business first, senior executive, with over 20 years of hands-on experience in defending banks, governments and corporations against cyberwarfare. My career in security started when I was employed to crack a secure system, which had locked down the boot process, whitelisting of applications and encrypted disks. I linked TeamOffice (an ICL email and collaboration system) with Microsoft Word to send an email which allowed me to do anything the person reading the email could do and send the results back to me, all without their knowledge. Having proved this vulnerability, I worked with Peter Simpson to create Defuse, a tool that blocked inappropriate actions. This successfully blocked Winword Concept, the first known malicious code in the wild. From these beginnings I have investigated all aspects of security to provide an holistic approach to security as a business enabler and am currently advising organisations on the suitability of the cloud to their needs.