Main Menu
Home / IT Governance / Open Environment With A Secure Framework? Sure.

Open Environment With A Secure Framework? Sure.

Let’s see what to put in the perfect storm of risky IT developments: increasing complexity, decreased budgets, BYOD culture and, let’s see … yes, how about some new tech like the cloud. What comes out? A great opportunity for bad things, and that’s just where IT finds itself these days: between new technologies and lessening control, IT no longer can use old models of risk management simply won’t keep organizations from being exposed to outside threats like before. A few new, effective ways to manage these risks are presented in this article by Kevin Cunningham. Cunningham begins by explaining how risk management has to be embraced by the whole organization, not just IT: This requires a formal categorization of risks in order to understand potential threats and vulnerabilities, and to implement the appropriate set of controls to balance the business’ need for convenience, usability, and availability with the need for security measures that mitigate risk. This includes implementing the necessary controls to eliminate specific risks such as workers who hold access privileges they don’t need, terminated workers whose access privileges are not removed, or toxic combinations of access privileges that increase the potential for fraud, etc. The article then goes on, explaining that the organization must have “identity intelligence” tools that allow the business to see what access each employee has, how they are using it, and any potentially risky actions taken by them. The last tip Cunningham lists is open collaboration between IT and business. After all, it’s going to take working between both groups to align IT’s operational policies to the business and implement the processes for identifying what resources have access to what systems.

About Anne Grybowski

Anne is a former staff writer for CAI's Accelerating IT Success, with a degree in Media Studies from Penn State University.

Check Also

How to Identify and Manage Secondary Risks

Have you ever created a problem in trying to solve one? Secondary risks, or risks …

Leave a Reply

Your email address will not be published. Required fields are marked *

Sorry, but this content
is for our subscribers only!

But subscribing to ACCELERATING IT SUCCESS is FREE and only one click away!
Join more than 40,000 IT Professionals and get the best IT management articles to your mailbox with Accelerating IT Success!

Unsubscribe at any time