Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

Calculating E-Risk

By Deborah Radcliff
February 12, 2001 12:00 PM ET
Recommended
(0)
Digg
Share/Email

Computerworld - Even with strong security, e-business risk is a fact of life in today's interconnected business world. But the fundamental problem with managing this new form of business risk, say IT managers, is that there are no metrics and no standards to measure the level of risk.


Nevertheless, your board of directors needs to see that those bits and bytes they call "just data" are really the corporation's lifeblood. And they must get their arms around the ultimate cost to the business if that data were lost, stolen or altered.


"We need to make a model where e-business risk is wrapped in the cost of doing business—like automobiles [that] transfer regulatory costs to the consumers," says Frank Reeder, who chairs both the computer system security and privacy advisory board at the U.S. Department of Commerce and the Center for Internet Security in Bethesda, Md.


But quantifying risk calls for statistics and benchmarks, things that are sorely lacking in this new era of e-business, says Paul Raines, head of global information risk management at Barclay's Capital, the investment division of Barclay's Group PLC in London.


"Most risk models so far have been qualitative: Define your assets by classifying your data sensitivity; define your risks [for] theft, disaster, hacking. Then you evaluate your site against these risks," Raines says. "To develop a quantitative model, you need data to determine chance and frequency. The problem is, there hasn't been historical data to draw from. The equivalent of actuarial tables will help."

















How Insurers View Risk

Insurance companies look at these factors, among others, to assess e-business risk:

























Electronic publishing liability
Property damage
Business interruption
Damage to reputation
Restoration costs
Intellectual property loss
Business income loss
Extortion


SOURCE: the Fidelity and Deposit Cos., Baltimore; American International Group Inc., New York

The amount of data gathered concerning e-business risk is nowhere near the amount gathered during 100-plus years of the automobile. But business risk managers are currently looking at e-business risk as another element of business risk. In so doing, they're developing some early standards and metrics that will ultimately make it easier for business leaders and IT managers to understand and evaluate e-business risk.


For starters, regulators and standards bodies are developing best practice guidelines for information security, a crucial first step in building a framework for metrics. Insurers are selling e-business security and liability insurance, so they're already attaching a price to some risks. Private incident-response centers are gathering and publishing statistical data on the frequency of certain events that could expose risk. And internal auditors are beginning to define e-business risk for their boards of directors.



Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

POLL RESULTS
Leading IT Pros Weigh In on Top IT Issues
Accelerate your knowledge of the IT world you inhabit by viewing the results of a series of polls taken by your IT peers. These polls of 100+ IT professionals each are available for full viewing. They cover key topics such as virtualization, processor performance, green IT, cloud computing and many others. Be a part of the buzz.
WHITE PAPER
For Best Results, Think Beyond the Box
Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to simplify operations, maintenance, and support. Kodak offers a best-practices model. One company provides support for both scanner and software, for fast problem resolution without vendor finger-pointing. Download now!
WHITE PAPER
Accelerating the Path to Demand Intelligence with a Demand Signal Repository
Utilizing demand intelligence improves the precision of pricing, product assortments, channel/store placement, and promotion, which are all essential for sustainable revenue management performance. Learn more, download this free whitepaper today.

White Papers & Webcasts

Accelerate SSL Encrypted Applications
The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...  

Data Protection and Disaster Recovery with iSCSI and VMware
Data protection and disaster recovery are top of mind for any IT manager, and the challenges of complexity and cost remain as obstacles....

ESG Lab Field Audit
Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

Shape Your Apps Strategy to Reflect New SaaS Licensing and Pricing Trends
Why are smart companies choosing software-as-a-service? Find out in the complimentary Forrester Research report...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

Natural User Interface for Enterprise Applications
Learn how a revolutionary user interface can make a complex enterprise application so intuitive even casual users can jump right in....  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

A Truly Global HCM System
Learn about a system built with advanced object-oriented technology that support multi-national requirements and costs less to implement, maintain and upgrade....  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

All White Papers | All Webcasts

Computerworld Reports

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

Computerworld Technology Briefing: Intelligent Users Use Business Intelligence

All Computerworld Reports
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.