Most Organizations Lack the Tools and Processes to Assess and Prioritize Risks and Vulnerabilities from the Business Perspective…
Recent security breaches at major retailers such as Target, Neiman Marcus and Michaels Stores have given further visibility of and placed a greater urgency around IT risks that have a direct impact on the business. For many years, information security has taken a back seat to other corporate priorities, but security has evolved — and moved up the corporate ladder — from simply restricting access to a few monolithic systems, to enabling safe access in a business environment that is dynamic, global, and always on.
Security is no longer just a technical issue that can be managed in bits and bytes; it’s a core business issue. Modern networks and data centers consist of many complex and intertwined business applications — from commercial off-the-shelf applications such as SAP and SharePoint, to homegrown applications performing custom business logic, to 3rd party cloud-based services — all are critical for the business to run.
A security breach or an outage to a business application or an entire network has a direct impact on a company’s bottom line. Security has to be effective enough to minimize risks to the business but also must enable the business to be agile in order to stay relevant and competitive. This requires a different approach to vulnerability management and a shift in the way security is viewed.