New dynamic threats requires new thinking - 'Moving beyond compliance'

摘要

Threats today are much more flexible, stealthy, and dynamic than they have ever been. Current efforts by IT professionals and risk managers have had little impact in the mitigation of these threats. When you combine this trend with a renewed focus on protecting soft assets, such as intellectual property and reputation, a new approach is needed that swings the pendulum back toward the computer user as an active participant in the risk mitigation efforts. Building risk management responsibilities into each employee's job description, and holding each employee accountable, is the first step in the process of combating today's threats. Risk managers and security professionals must also understand that by taking a holistic view of organizational risk, they can effectively work with human resource managers to ensure that everyone is doing their part in the organization's risk management effort. Compliance is no longer feared by those that it affects, but has turned into a byproduct of a greater effort to effectively match competencies against organizational objectives, resulting in a risk management effort that actually reduces mitigation costs and increases effectiveness.