Developing Security Policies: Rules vs. Risk

By | August 31, 2006

The likelihood that an organization´s assets are insufficiently safeguarded against threats is very high. This protection shortfall against loss, damage or compromise is known as risk.

This problem is compounded because decision makers are unaware of all the actions available to them to mitigate risk, if they are aware of the risk at all. For proof, we only need to look at the high degree of breaches even though security tools and practices are more prevalent than ever.

There are two policy models that are widely used today; risk-based and rule-based. Traditionally, rule-based policies were developed to control computing assets at a time when regulatory compliance and security risk weren´t even merit a passing thought.Read Full Story

Leave a Reply