Infosec 2013: There is no such thing as information security risk

Sophie Curtis | April 25, 2013
CISOs need to align their security strategy with their business goals, claims panel

"It's critical that you look at things from the perspective of, what are the events that will crucify us? And they're the ones that you do risk assessment on. Most other things you do risk management, and you probably do it via a practice-based approach."

Amar Singh, CISO at News International, added that risk articulation is still a challenge within IT, and this is partly down to the use of risk registers. He said that it would be better to give the security professional the opportunity to build a narrative, and explain the cause, event and effect.

However, Pailsey warned that risk assessment will never enable organisations to predict the future. Instead, it should enable organisations to get to the point where their assessment process takes account of the uncertainty and attempts to understand the probabilities associated with it.

"It's finding out what your business goals are, and aligning your security strategy with them," concluded Forrester analyst Andrew Rose. "It's very empowering for security professionals to align their information security and your business strategy. It overcomes so many problems."
