Security Convergence and ERM: |
|
Management must increasingly assure senior and executive management that enterprise security risk management is effectively managed and governed with the same degree of rigor as other risks within the enterprise. Once the security risks have been identified and appropriately characterized, they must be normalized and aligned with both the broader operational risks and the other risk families (financial, etc.) inherent to the enterprise. Only when this is accomplished can an enterprise be satisfied that all risks, independent of origin, are being addressed in a properly prioritized and effective fashion. |
Security risks and their management have significant importance in today’s enterprise. They should always be addressed with a consistent and structured approach. In the GUIDE project trial assessment, use of an established risk management framework was very effective. Its use in conjunction with an IT framework such as COBIT proved even more effective.