Are we more concerned with addressing obvious IT risks than having effective IT risk management?

November 29, 2010

I ask this question after reading Ernst & Young’s “2010 Global Information Security Survey”. The survey has some interesting comments on the top IT security risks from new information technology – including the obvious ones around data leakage, mobile devices, cloud computing, and social media. E&Y report good news, that while risks are perceived as increasing, nearly half see their IT security budget increasing.

But, the statistic that jumps out for me is this: only about 42% of the respondents to the survey have an IT risk management program in place.

How do you ensure you protect the organization from IT-related risks without a solid IT risk management program (preferably integrated with the enterprise risk management program)?

How do you allocate resources to address the more significant information security risks without a risk management program?

It’s great that E&Y provided this information. Next, in my opinion, is more thought leadership on the need for an effective IT risk management program as part of the enterprise-wide risk management program.

What do you think?

By the way, have you completed the survey on GRC, and whether the concept adds value? If not, please see here.
