And the winner is…the government. While the government is often perceived as slow in adapting to the latest IT trends, a study conducted by the Ponemon Institute and Tripwire suggests risk management is one area where the government is surpassing us all. Frank Konkel explains why.
Most of the public sector is still struggling to find which framework works best for them, but the government started using frameworks much earlier in the game. This made all the difference in factoring risk into decisions. However, there is one issue that both the public and private sectors are struggling with. Across the board, there was not enough communication between lower-level IT employees and executives, especially regarding risk.
In fact, this is one area where the public has the government beat, even if it’s not by much. Forty-six percent of federal employees said they communicated security risk only when an incident actually occurred. Forty-one percent of the private sector does the same.
There are multiple reasons for this: lower-level employees may not want to bother busy executives, or they may not believe the executives will fully comprehend the issue anyway. Whatever the reason, it is clear this is the part where both the public and private sectors need to pick up the pace. Risk management is most effective when it includes communication, and this communication won’t do anyone any good if it only happens after disaster strikes.