Security

Information Security Risk Best Practices

07.08.2003

The use of a "traffic light" report, which documents the status of each metric, is a good visual tool. The categories to be tracked must be based on the enterprise's information security policies. The rating for each category must assess the business unit's compliance level against people, processes and tools.

Metrics, scorecards and dashboards are a multiyear effort. The first year (or first six months) establishes a baseline for each business unit's level of compliance with the information security risk management program. Subsequent releases enable an enterprise to track improvements and setbacks. That enables senior management to focus on "risk hot spots."

Action Item: Report semiannually to senior management on the information security risk management program.

Recommendations

This text is an excerpt from a chapter of the new report "Securing the Enterprise: The Latest Strategies and Technologies for Building a Safe Architecture." The report is part of the new Gartner Executive Report Series. For more information, please contact Gartner.
