The Choice of Risk Management or Compliance?

Introduction

The task of risk management has perplexed many organizations. Organizations have to make important decisions that will ensure their assets (data) are secure. Not only do organizations have to be concerned with risk management, but they are also tasked with ensuring their systems are compliant. The article “When it comes to enterprise security is it better to focus on compliance or risk?” discusses which area should take higher precedence: compliance or risk. The article's author, Christian Anschutz, is SVP and former CIO of Underwriters Laboratories. The article focuses on security, technology and financial risks. Has the author taken into consideration underlying circumstances in which organizations are not able to place one area above another? What are the industry standards? Who enforces these standards? This paper will focus on the hazy task of organizational risk management and compliance.
According to Landoll (2011, p. 4), “Security risk management involves the process of ensuring that the security risk posture of an organization is within acceptable bounds as defined by senior management.” In other words, risk management is what an organization needs to implement in order to minimize risk to its Information Technology (I.T.) systems. Organizations are usually restricted by a budget when attempting to implement a secure risk management plan. There must be a fine balance between budget management and fulfilling the organization’s