Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

IT security guide: Understanding cyber-risks means knowing what questions to ask

New guide gives CFOs 50 questions about cyberthreats to ask various department heads

October 20, 2008 12:00 PM ET

Active Comments
tuomoks says: The fact is and has always been, "Security isn't an IT issue. It's an enterprisewide risk management issue that affects...
http://www.eradicatespyware.net says: Wonderful and elaborative techincal news. i agree on very parameter.. a good peice of work done by ansi and isa.....


Computerworld - A good place for senior executives to start in trying to understand their companies' financial exposure to cyberthreats is by getting an overall assessment — not just from IT, but also from business units and corporate operations such as the human resources, legal and public relations departments.

That piece of advice is contained in an information guide that the American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) jointly released today in an effort to help high-level execs prepare for the financial implications of possible cyberattacks.

But as fundamental as that notion might seem, the guide says that the continued failure of chief financial officers and other corporate executives to gather a multidimensional view of IT security threats often leaves companies dangerously unprepared for the sometimes staggering costs that can result when their systems are attacked.

The 40-page guide was put together by a task force of risk management executives from more than two-dozen organizations, including Carnegie Mellon University, IBM, insurers American International Group (AIG) and State Farm Insurance, defense contractor Lockheed Martin and consulting firms Booz Allen Hamilton and KPMG. The document lists a series of 50 questions that CFOs and other executives should be asking the leaders of various internal groups, according to ANSI and the ISA.

The questions are designed to elicit information that can help provide a more holistic picture of a company's exposure to security threats, and the potential costs of either ignoring or mitigating those threats, said Ty Sagalow, president of product development at AIG's general insurance group.

Sagalow, who led a series of workshops that resulted in the new guide, said a lesson that the participants quickly learned during the sessions was that "cybersecurity, which has been traditionally viewed by some companies as an IT issue, is not just an IT issue." Just like, he added, it isn't purely a legal or PR issue.

As for the possibility that some IT managers could view increased involvement in security issues by other departments as encroaching on their turf, Sagalow and other members of the task force said they don't expect that to be an issue. Many IT departments already recognize that they're only part of the solution to cybersecurity issues, said Edward Stull, a software architect at Direct Computer Resources Inc. and chairman of an IT security best-practices group for the InterNational Committee on Information Technology Standards.

According to Sagalow, this is the first time that an effort is being made to provide CFOs, who ultimately have to sign the checks for security investments, with a means for better understanding the financial ramifications of cyberthreats.



Jump to comments

IBM

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying