Security
Information Security Risk Best Practices
Creating an Effective Security Awareness Program
Imperative: A set of information security policies is the cornerstone of an effective IT risk management program. The information security policies are the basis for all other components of this program, and without them, the enterprise puts its financial viability at risk.
An effective set of information security policies is also the basis of the risk assessments each enterprise should conduct. Policies must be communicated to all users of enterprise IT assets so that they understand their responsibility to protect the enterprise against information security breaches -- that is, they are as accountable for protecting the enterprise as the chief information security officer is.
Users must be trained in the following areas (see Figure 2):
Measuring Information Security Expenditure Effectiveness
Strategic Planning Assumption: By 2005, 20 percent of the Global 2000 will have effectiveness assessment systems in place that will monitor the information security health of business transactions in real time (0.7 probability).
Many enterprises struggle with how much to spend on controls that mitigate the risk of a vulnerability being exploited, and with how to tell whether those controls are effective. Many are turning to metrics to help them evaluate the effectiveness of their information security program.