While traditional IT security looked primarily at Intrusion Detection and Prevention (IDP), firewalls, anti-virus technology, encryption, and system hardening, Information Risk Management (IRM) extends IT's involvement into areas that aren't normally its responsibility. To effectively mitigate enterprise risk, IT must now also be part of broader discussions that look at items such as Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), intellectual property protection, financial integrity, privacy, and compliance with industry and government regulations.
This research note provides IT decision makers with:
- An overview of the entire IRM process.
- The benefits of IRM over traditional IT security.
- A brief discussion of risk analysis.
- Best practices for moving forward with IRM.
Information is the enterprise's most valuable asset. Enterprises that are serious about protecting this asset must go beyond the traditional concept of IT security and adopt a more comprehensive IRM strategy.