Discover Performance
HP Software's community for IT leaders // March 2012
Five steps to limit business risk
Effective risk management through true enterprise security intelligence starts with a simple process.
Limiting risk is a major touchstone of executive success, arguably as important as revenue growth. For today's enterprise, IT risk is everywhere: attacks, accidental breaches, compliance failures. IT executives need a broad perspective on risks to the enterprise.
That comprehensive view of your IT security stance is coming to be known as enterprise security intelligence (ESI). ESI moves away from ineffective, siloed security initiatives in favor of an integrated security framework for the entire organization.
"An important part of what ESI can do for a company is to encourage holistic, coordinated planning," says Alan Kessler, vice president for enterprise security at HP. "When you're consistently proactive about your security plans, implementing the methodology that will limit risk comes much more easily."
But elevating your perspective on IT security beyond "Are all my patches up to date?" requires a systematic approach to understanding the greater concept of business risk. Get there by following five basic steps:
Step 1—Assess your needs.
Inventory all assets that may require security and understand their overall importance to the business. As part of your assessment, categorize issues as high, medium, or low importance. With a low-risk asset, such as a blog, minimal security may be sufficient, whereas a web-based payroll application is sure to need robust security.
Step 2—Identify your objectives.
For each issue found during the assessment phase, identify the outcome you want. This process is especially important for mission-critical and high-risk applications. Do you need a kill switch that can terminate a process immediately? Do you need a real-time dashboard for monitoring security or are end-of-day reports sufficient?
Step 3—Research the possible solutions.
For each issue, know which options are available to achieve the objective you've set. How will you get there? For example, if you need a firewall and an intrusion detection system (IDS), whom can you rely on to provide it?
Step 4—Test and evaluate the potential solutions.
Before you decide on a solution, perform a detailed pilot test. This is especially important if your new solution sits within the network and can potentially cause mission-critical outages. You should know ahead of time whether there are any business requirements that the target solution cannot address.
Step 5—Appoint specialists to shepherd the implementation.
You'll need to decide whether to manage the implementation in-house or hire professional services. Assess the skills of your IT staff and their available bandwidth. Meanwhile, request bids for managed services. Outside professionals bring focus and expertise to your project and can often provide training for in-house staff.
Lower risk, high reward
This sort of simple, strategically coordinated security assessment is an excellent springboard to ESI. Organizations that approach security and business risk in this way can expect to improve the effectiveness of security across the enterprise and limit all types of business risk.
To learn more about ESI and ways to limit your business risk, visit HPEnterpriseSecurity.com.