(By Info-Tech Analyst Ross Armstrong- Printed with permission from Processor magazine www.processor.com).
I hear a lot of companies complain that the business just doesn't step up to the plate when it comes to mitigating risk. “No ownership!” they cry. “How am I supposed to protect data when the executives won't even tell me what our information assets are worth?”
To me, the problem seems to be that compliance/governance and IT security are not under a single umbrella, when they probably should be. So what's wrong with current approaches to risk management? Depending on company size, one of three scenarios exists, and each has specific problems.