Calculating e-risk

By Deborah Radcliff, Computerworld

Even with strong security, e-business risk is a fact of life in today's interconnected business world. But the fundamental problem with managing this new form of business risk, say IT managers, is that there are no metrics and no standards to measure the level of risk.

Keeping the Faith

First Union Corp., whose core business is trust, can't wait for outside interests to determine risk metrics. So last year, the Charlotte, N.C.-based bank implemented Phase 1 of a risk-compliance program by standardizing policy and tracking compliance.

"We wanted to make it measurable whether files, systems and risk parameters are appropriate," says Pat Hymes, manager of distributed computing at First Union's information security division.

Hymes' team started by assessing whether its published operating system security policy was being followed, using commercial and home-written software agents that report the state of the operating systems.

The agents reported back that "the general state of our operating system-level security wasn't very good," Hymes says. "A lot of the system administrators didn't even know security was part of their jobs. So we put together a training class."

This compliance data is now used to chart measurements, which are routed to department heads and IT leaders with bullet points that say, "Here are the common risk areas and here are our concerns," he adds.

Hymes' next step: Develop similar measurements for compliance in networks and applications and among employees.
