The ins and outs of calculating risk
by: TEKsystems on Dec. 6, 2012
The rapid evolution of IT services has introduced a number of new opportunities and risks to the private sector. While embracing advanced solutions is necessary to remain competitive in today's fast-paced business world, decision-makers also need to assess concerns that may go hand in hand with adopting next-generation tools.
For this and other reasons, calculating risk has become a delicate balancing act, according to an InfoWorld report. Executives need to ensure they implement an appropriate level of security to keep mission-critical information and applications safe, without applying so much that operations are impaired.
Although planning ahead can mitigate some risk, companies need to properly delegate security initiatives and use common sense.
Keeping decisions with upper management
The evolution of advanced technologies has made it more critical than ever that companies receive the proper IT support from knowledgeable professionals. However, risk decisions associated with leveraging next-generation tools need to ultimately remain with upper management, InfoWorld noted.
In many cases, IT departments intrude on the risk-calculation process by presenting executives with do-or-die scenarios, often painting vivid pictures of potential doomsday situations. This is a dangerous place for enterprises to linger, as IT support can quickly transition from an informational resource to an operational hindrance.
InfoWorld said decision-makers need to participate in advanced IT training programs so they can take advice given to them with a grain of salt. In doing so, executives will be able to create realistic pictures of the risk landscape and deploy effective strategies to eliminate problems that may emerge with the adoption of next-generation solutions.
Using common sense to mitigate risk
In addition to training and forming a rational picture of ongoing risks, managers need to ensure employees are using common sense when performing everyday operations, InfoWorld noted. Every business, regardless of size and industry, has varying types of information. As a result, decision-makers need to determine which assets are more sensitive than others and require advanced protection.
A separate report by Dark Reading also highlighted how important it is for executives to assess their resources and deploy different security initiatives. This will become increasingly important in the coming years as companies continue to use cloud computing and personal mobile devices for everyday business operations, enabling individuals with differing authorization levels to access mission-critical information from anywhere at any time.
"It boils down to the fact that a data breach is going to be an inevitable event - the strategy then has to shift to making a breach meaningless to the attackers and have zero impact to the business," security expert Mark Bowers said.
Dark Reading also noted that executives and IT departments need to educate the general workforce on how to perform mission-critical tasks in a secure fashion. In many cases, individuals are simply unaware of security vulnerabilities they may be creating when working from home or completing tasks on a personal smartphone or tablet.
IT security training regimens should be relevant and contextual to how individuals work on a daily basis, according to a separate CSO Online report. The initiatives should also be reinforced and repeated over time, as this will drill in the importance of operating securely.
The risk landscape will likely continue evolving in the coming years as innovative IT services emerge and offer new advantages to early adopters. Calculating and assessing security concerns will be an important step in embracing tomorrow's solutions. What are some of the strategies your company is taking to mitigate long-term risk?