Best practices for IT security management

The nuts and bolts of an information risk management (IRM)
framework are best put in place long before you install the technology.
But it's never too late to mitigate business risk by working out the
mechanics of functions, requirements and controls. Discover and report
on the right priorities, and you can construct a framework for making
well-informed decisions.

Read Five steps to building information risk management frameworks and Developing Controls for People, Processes and Technology by Forrester analyst Khalid Kark who details how to build a sound IRM solution in your organization, including:

Defining domains for your IRM framework
Three questions to ask when assessing the criticality of IRM requirements
Overcoming two significant challenges in defining security metrics programs
Converging physical and logical security through process collaboration

Kark is a principal analyst at Forrester Research. His research focuses
on information risk management strategy, governance, best practices,
measurement and reporting.

This expert advice is part of a continuing series on
IBM best practices for IT security management. IBM security services
and solutions such as Tivoli®, Internet Security Systems™, and
Rational® enable customers to better manage their infrastructure,
operations and IT processes.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s