THE ULTIMATE BALANCING ACT

摘要

Tackling risks based on how IT problems could affect business operations still befuddles some companies, despite industry hype bally-hooing risk management (RM) practices. By adopting an RM approach, organizations are supposed to align security processes and deployments with business needs. They should also get staff to work together to keep the company focused on business initiatives while avoiding IT problems, and help department heads and IT leaders focus their resources and funding on appropriate security needs. But how to execute a solid plan that defines, mitigates, manages and measures security risks to the business is unclear to some. One main reason for this is that exacdy what risk management is has become amorphous.