Home > Ask the Security Channel Experts > Selling Security Technology and Services with Christofer Hoff Questions & Answers > How can service providers help with IT risk management?
Ask The Security Channel Expert: Questions & Answers
EMAIL THIS

How can service providers help with IT risk management?

Christofer Hoff EXPERT RESPONSE FROM: Christofer Hoff

Pose a Question
Other Security Channel Categories
Meet all Security Channel Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 07 March 2008
Why is corporate IT risk management lacking, and how can the channel help?

>

IT risk management is a very different exercise than just managing and mitigating technology threats and vulnerabilities related to infrastructure. What's often missing in discussions of risk is the business impact should a condition arise that affects (at a minimum) the confidentiality, integrity or availability of the business' most important assets.

Most enterprises -- regardless of size -- have no reliable way of understanding how to prioritize their efforts and spending, as a measured result of managing risk, to an acceptable level based upon a transparent process. This is usually because they don't have a transparent process for IT risk management.

The first and most profound observation regarding the lack of a holistic risk management program is the simple lack of a repeatable, well-defined and business-driven risk assessment process using a framework that allows the business, IT, security and governance organizations to transparently participate in the process.

In many cases, putting in place a risk assessment process is thought of as too daunting, onerous and resource intensive. Some other companies seem to think that the daily firefighting and tail-chasing is the best that can be achieved when it comes to IT risk management. Meanwhile, industry risk management frameworks are often too overwhelming, and staffers have a hard time understanding where to start.

The channel can help businesses embrace the notion of managing risk by selecting a streamlined, rational and operationally feasible risk assessment framework. Service providers can master this framework and use it to both educate customers and add as a service in their portfolio offerings. Two examples are OCTAVE and FAIR.

Once you begin consistently speaking to your customers in terms of managing risk and not just threats and vulnerabilities, you will ultimately open the doors to higher-level discussions regarding opportunities that matter most to organizations. This is because the discussion becomes one that is focused on prioritizing efforts based upon the business' needs and not the technology "hamster wheel of pain" that IT has come to represent.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Selling Security Technology and Services with Christofer Hoff
Can enterprises place too much emphasis on security regulatory compliance?
What are the best data leakage prevention strategies for my clients?
How will the planned changes in PCI-DSS affect the channel?
What is the future of antivirus or antimalware software?
What accounts for the trend toward SMB security?
Where do I start in discussing virtual security with my customers?
Why is it important to use security metrics with my clients?
What should I know about green security?
How do I help clients with end-user security policies?
How do I determine the right number of security vendor partners?

Business risk assessment and risk analysis
Loss leaders: Security products and services to get a foot in the door
Getting to know the NERC CIP standards
The intersection of security and disaster recovery
Remote vulnerability scanning: Process, roles and responsibilities
How to perform a network security audit for customers
Creating your checklist and Summary
How to generate revenue from unified threat management
Unified threat management: Migration and management techniques
Unified threat management: An intro for solution providers
Podcast with Dr. Paul Rohmeyer on choosing a remote management platform

Additional resources
How to prepare for network penetration testing services
Defining the scope of a security assessment

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts