
Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts by Jeremy Ward
Jeremy Ward | 12 Feb 2008 | 0 comments

So you think IT risk management is a science? Or maybe you’ve never thought about it—you've just assumed that some clever expert has worked out all the angles. Unfortunately that’s not the case. The latest Symantec IT Risk Management Report gives some figures about how organizations manage (or fail to manage) their IT risk. It makes for interesting reading and includes some data about real incidents, analyzed jointly by Symantec and MIT’s Center for Information Research. However, what is clear is that IT risk management, although not a science, is evolving as a business discipline.

Correlation analysis of the data in the report shows that organizations are beginning to follow a natural progression in the way that they treat the management of their IT risk. They tend to start by looking at the security risk, then move on to consider availability and delivery risk, and finally address performance and compliance risk by implementing the more strategic...

Jeremy Ward | 06 Feb 2008 | 0 comments

So, you think that there’s a magic bullet to deal with IT risk? In fact you probably wish there was, but since you don’t believe in Santa Claus, you know there isn’t! Of course that doesn’t stop people from looking for a quick technology fix. However, the latest Symantec IT Risk Management Report reveals that technology is not necessarily the issue. The report cites a study conducted jointly by Symantec and MIT’s Center for Information Research, showing that the majority (53 percent) of IT incidents have a process-based cause. Interestingly, the report also shows that organizations believe their technological effectiveness is declining. Last year’s number one effective control set was network, protocol, and host security. It’s still up there at the top, but there’s been a reduction of 16 percent in those who think they’re more than 90 percent effective (down from 47 percent to 31 percent).

Experience shows that it’s a balance of technology, process, and...

Jeremy Ward | 04 Feb 2008 | 0 comments

So you’ve got a project to manage the risk to your IT systems? Well, in actual fact you probably haven’t! (It’s more likely that you’re too busy dealing with incidents.) The latest Symantec IT Risk Management Report suggests that bad things are going to happen to your IT and information pretty often. In fact, 69 percent of people thought they would probably have some sort of IT incident about once a month or more (2 percent thought they’d have them every day). Sixty-two percent of people thought they would have a major IT incident and 26 percent expected to have a regulatory non-compliance incident at least once a year, while 25 percent expected data leakage from their IT systems and 8 percent thought they would have a major information loss at least once a year.

From this it’s pretty obvious that a single project isn’t going to address your risk management...

Jeremy Ward | 01 Feb 2008 | 0 comments

So you think that risk is all about security? Well, we deal with risks to our personal security every day – each time we cross the road! But ask someone to think about more impersonal risk, like that to IT, and it becomes difficult to define what we mean.

The latest Symantec IT Risk Management Report aims to build a common understanding about IT risk, which it views as consisting of four elements: security, performance, availability, and compliance. When most people consider the risk to their IT systems, they immediately think about security and the need to keep bad things out and good things in. However, the report shows that concerns about availability risk have now come to the fore—78 percent of participants saw it as a serious or critical risk to their business. This makes a lot of sense when you know what it can cost your business if you lose the...

Jeremy Ward | 30 Jan 2008 | 0 comments

Today Symantec launched Volume II of the IT Risk Management Report, entitled “IT Risk Management – From Myth to Reality.” It analyzes the results of interviews with more than 400 IT executives and professionals from around the world during 2007. As the title implies, the report takes a look at the truth behind four common myths around IT Risk Management.

Myth One: IT Risk = Security Risk

The report clearly demonstrates that people really don’t believe this myth any more. In fact, most (78 percent) of those participating in the survey thought that availability was the most important aspect of IT risk. While more than half of the participants rated every risk element serious or business-critical, only 15 percentage points separated the highest and lowest elements.

Myth Two: IT Risk Management is a Project

Well...

Jeremy Ward | 05 Sep 2007 | 0 comments

At the Open Group meeting in Austin a couple of weeks ago, I attended the workshops on IT risk assessment. Pretty dull, eh? In fact, this topic produced some of the liveliest debate I’ve ever had at a conference.

Unless you specialize in this area, you may think that risk assessment is pretty well sewn-up. You couldn’t be more wrong. Get 50 practitioners in a room and you will have 50 different methodologies for assessing IT risk. The trouble is that nearly all of them will be subjective – the outcome of any risk assessment exercise is most likely to be ‘high’, ‘medium’ or ‘low’. Even when it’s an apparently objective number -- 54,821, for example – you don’t learn all that much. Try going to your board and telling them that their IT risk is 54,821 and their eyes are likely to glaze over very quickly! Any attempt to calculate ‘annual loss expectancy’, although valiant, only results in trouble when the degree of variability is larger than the sum itself!

So we urgently...

Jeremy Ward | 03 Sep 2007 | 0 comments

Is the public sector bothered about IT risk? Although it’s a hot topic, as we saw at RSA in February, surely the public sector is more worried about saving money and meeting government targets? Well, yes – but one of the best ways of doing this is to ensure your IT systems operate efficiently and can deliver the services the public want, when they want them, not just when your offices are open. Shared services save money too – but mean sharing the security pain as well as the productivity gain. All this means more IT risk.

Symantec recently released the latest in-depth study taken from its IT Risk Management Report. This is a mini-report on findings from the public sector. The report looks at how IT professionals in the public sector view sources of IT risk and the effectiveness of the controls used to manage it. The report is based on feedback from 77 IT professionals in...

Jeremy Ward | 22 Feb 2007 | 0 comments

If 2006 was the year of NAC, then 2007 is already shaping up to be the year of Risk Management. Perhaps you missed many of the analyst and expert New Year’s predictions of information security evolving into IT Risk Management this year, but a brief walk through RSA’s show floor and a perusal of the product news coverage would have only confirmed 2007’s focus on IT risk.

Similar to NAC’s challenges, there seems to be a good deal of confusion regarding the definition of IT Risk Management and how it is practiced. Fortunately—nearly one year later and after 500+ in-depth interviews with IT executives and business professionals worldwide—Symantec released the results of a new study, the IT Risk Management Report. The report is designed to cut through some of the industry noise and help organizations understand the fundamental elements of IT...