Expert Answer Center > Experts On Demand > View Answer
EMAIL THIS
Experts on Demand
  EXPERTS ON DEMAND HOME     POSE A QUESTION     VIEW ANSWERS     BROWSE BY TOPIC        RSS FEEDS  
Isn't it really all about accounting for your assets, placing a value on each, (assessing the impact to your business if a breach occurs), calculating the risk, (threats, vulnerabilities and likelihood of occurrence), and then implementing security controls to minimize the risks starting with the highest? And to keep doing this as long as your security budget lasts. Oh and then starting over again. ISO 27001:2005 outlines this very approach. QUESTION POSED ON: 16 OCT 2006
QUESTION ANSWERED BY: Ed Tittel How can I argue with somebody who quotes chapter and verse from one of the primary sources of guidance for compliance activity? But, as they say, "the devil is in the details" and indeed I see plenty of infernal influence every time I dig into same.
HomeExperts on DemandIT Expert Webcast SeriesExpert KnowledgebaseSite Index
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts