The nuts and bolts of an information risk management (IRM)
framework are best put in place long before you install the technology.
But it's never too late to mitigate business risk by working out the
mechanics of functions, requirements and controls. Discover and report
on the right priorities, and you can construct a framework for making

Read "Five steps to building information risk management frameworks" and "Developing Controls for People, Processes and Technology" by Forrester analyst Khalid Kark, who details how to build a sound IRM solution in your organization, including:
- Defining domains for your IRM framework
- Three questions to ask when assessing the criticality of IRM requirements
- Overcoming two significant challenges in defining security metrics programs
- Converging physical and logical security through process collaboration

Kark is a principal analyst at Forrester Research. His research focuses
on information risk management strategy, governance, best practices,
measurement and reporting.
This expert advice is part of a continuing series on
IBM best practices for IT security management. IBM security services
and solutions such as Tivoli®, Internet Security Systems™, and
Rational® enable customers to better manage their infrastructure,
operations and IT processes.