Main Menu
Home / Uncategorized / Why risk management CAN succeed in IT

Why risk management CAN succeed in IT

network worldIn this rebuttal to the post by Richard Stiennon called “Why risk management fails in IT”, Steve Schlaman argues that IT risk management is the victim of the media and the perception by the business that “IT security is losing the war against the bad guys.” Schlaman states this is too broad of a statement: IT security has become more intelligent, repeatable, and with better results than in the past. One area that Schlaman points out as an improvement is the ability of asset identification, a point that Stiennon said was impossible. Schlaman, however, disagrees:

 One of the first tasks in risk management when it comes to IT security is to know what you need to protect. This is a significant challenge and, with the proliferation of devices, it seems an insurmountable task. However, technologies are addressing the “find the needle in the stack of needles” problem and identify where important data is flowing out of or into the organization and where it ends up. For example, data loss prevention technologies continue to expand their scope, accuracy and capabilities. Some perspective is useful when looking at progress against this problem. Will an organization have an absolute list of every desktop, laptop, mobile device, router, switch, database and widget in the entire IT universe? No. But can an organization find where personal information, credit cards, key research and development plans and other jewels of the company live? Absolutely. Today.

 Schlaman explains that, at the core of IT security, there needs to be fundamental risk management approaches that are agile and contextual. While IT security is by no means as good as it needs to be in most cases, creating a best practices approach that can be repeated consistently will be the element that pulls it out from the perception of consistent failure.


About Matthew Kabik

Matthew Kabik is the former Editor of Computer Aid's Accelerating IT Success. He worked at Computer Aid, Inc. from 2008 to 2014 in the Harrisburg offices, where he was a copywriter, swordsman, social media consultant, and trainer before moving into editorial.

Check Also

The Robot Will See You Now: AI and Your Health Care

Health care is–as some have recently realized–complicated. Robots and apps will only make things more …

Leave a Reply

Your email address will not be published. Required fields are marked *

Sorry, but this content
is for our subscribers only!

But subscribing to ACCELERATING IT SUCCESS is FREE and only one click away!
Join more than 40,000 IT Professionals and get the best IT management articles to your mailbox with Accelerating IT Success!

Unsubscribe at any time