Risk-Based Security Strategies: More Concept Than Reality

Nearly 80 percent of enterprises say they are committed to risk-based security management, but less than half have done anything, Ponemon study says

Dark Reading Staff, Dark Reading

June 16, 2012

2 Min Read
Dark Reading logo in a gray background | Dark Reading

The vast majority of enterprises believe that a risk-based security strategy is the right way to go, but most of them have not taken any steps to implement such a strategy, according to a study published this week.

According to The State of Risk-Based Security Management, a survey conducted by the Ponemon Institute and sponsored by security vendor Tripwire, commitment to risk-based security management (RBSM) is high, but implementation is low.

The study reveals that although more than three-quarters (77 percent) of the organizations in the study claim a significant or very significant commitment to RBSM, their actions do not back up this claim, the study says.

Slightly more than half of respondents (52 percent) report that they have a formal RBSM function, program, or set of activities dedicated to risk-based security management, according to Ponemon. Less than half (46 percent) report that they have deployed any risk management program activities at all. Forty-one percent don’t classify their information according to its importance to the organization.

Among those organizations that do have a formal function, program, or set of activities dedicated to risk management, almost three-quarters (74 percent) have either partially or completely implemented some risk management practices, the study says.

Most organizations are looking to reduce risk by implementing preventive tools and practices, but many do not have tools and practices for detecting threats and compromises once they have penetrated enterprise defenses, Ponemon reports.

"It turns out that 80 to 90 percent of the organizations report deploying the majority of the important preventive controls, but only 50 percent report deploying the majority of important detective controls," the survey states.

While many respondents indicated that a lack of resources, skilled personnel, and leadership are barriers to implementing RBSM, Ponemon suggests that the lack of a formal program or strategy is a more significant roadblock.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:

2012

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

The MasterCard logo on a credit card
Threat Intelligence
Mastercard's Bet on Recorded Future a Win for Cyber-Threat IntelMastercard's Bet on Recorded Future a Win for Cyber-Threat Intel
byJai Vijayan, Contributing Writer
Sep 23, 2024
4 Min Read
In this photo illustration the Recorded Future logo seen displayed on a smartphone and on the background.
Threat Intelligence
Mastercard's Recorded Future Deal Furthers Its AI Security GoalsMastercard's Recorded Future Deal Furthers AI Security Goals
byJeffrey Schwartz, Contributing Writer
Sep 19, 2024
4 Min Read
Black background and white text saying Dark Reading Confidential
Vulnerabilities & Threats
Dark Reading Confidential: Pen Test Arrests, Five Years LaterDark Reading Confidential: Pen Test Arrests, Five Years Later
byDark Reading Staff
Sep 10, 2024
42 Min Listen
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events