IT | Security

The Color of Your Information Risk

By: Absolute Team | 10/20/2010

The IT Policy Compliance Group asks, "What Color is your Information Risk - Today" and less than 1 in 10 organizations fall into the "green" zone - those organizations where the CISO, CIO, CIO, CFO, CRO, CCO, business division managers and legal counsel all know what the risks are, which need to be resolved, and those that can be safely ignored or granted exceptions.

WCIYI-chart.png

As you can see from the chart above, for other organizations, assessing information security risks can take weeks or months! The companies unable to assess their risks, and to respond to them, often lack insight into the priority of information and lack adequate IT controls.

Best practices from those able to determine their risks on a timely basis include:

  • Business risks defined from the top-down
  • Scoring based on business and organizational risk priorities: not on risk scoring engines
  • Visible business impact summaries
  • Color-coded risks to immediately identify unacceptable from unacceptable risks
  • Visibility into human behavior, IT effectiveness metrics, exceptions, trends, control failures, vulnerabilities and threats
  • Laser focus on automated procedures to gather relevant information

You can download the full report {requires subscription} here.