Handle risk better and reap the rewards

It’s been a busy month. By the time you read this, three highlights of the infosec year will have passed in quick succession: Infosecurity Europe, Jericho Forum’s annual conference and, of course, the SC Magazine Awards, Europe 2006. If you weren’t there on the night, the full list of winners and finalists is enclosed with this issue in the commemorative book of the night. Congratulations to all those who went home with one of the coveted gongs.

You will have allowed yourselves a little downtime during the aforementioned events, I'm sure, but the threats and risk you face show little sign of abating.


Risk is something that Andreas Wuchner knows about. The global head of security at Swiss pharma giant Novartis has, with careful use of resources and pinpoint planning, built his employers a world-class risk management system. It is just part of his integrated approach to security, which also encompasses full compliance capability and, just as importantly, total buy-in from Novartis' workforce and board.

Such is Wuchner's achievement that Novartis is one of the few companies to measure progress on information security in its (beautifully produced) annual report. You can read more about Wuchner's approach in Ron Condon's incisive interview.

Measuring risk and prescribing a realistic level of response is tricky – even for seasoned pros. What works in one sector may not work for you or the business you are charged with protecting. It's not enough to bring across the strategy that worked at your last company. That's the gist of Gary Flood's feature, Chance Assessment. He's been out talking to the risk experts about how developing and reviewing a risk management strategy means taking on board acceptable loss (and meaning it) as well as non-IT elements in the mix.

Hosted services can be a cost-effective way of freeing up development and project management time, and IT managers increasingly see the benefits in the off-the-shelf approach. But can you trust hosted services to deliver security? Dare I say it – can you risk it? Rob Jaques has been asking the right questions to those in the know and you can read his findings in his Protection for hire feature.

The demise of the NHTCU was the subject of much debate in the last month as its work was incorporated into the government's new Serious Organised Crime Agency (SOCA). Not everyone's happy about this development (see Two Minutes On...) and it will be interesting to see just what happens in the next 12 months. Will the government be forced to reinstate the NHTCU (or a variant) or will the regional police forces, as promised, be able to cope with rising cybercrime?

If, as the DTI's Information Security Breaches Survey indicates, more than two-thirds of smaller firms continue failing to encrypt online transactions, the boys in blue may have their work cut out.

Paul Fisher is editor of SC Magazine

Copyright © SC Magazine, US edition