Risk management was definitely the topic du jour at the 2012 RSA Conference. "If you apply equal treatment to all your assets, you'll kill yourself doing that," said Dwayne Melancon (@thatdwayne), CTO of Tripwire. More importantly, you should ask yourself, "What is the value of each asset to my business, and how does that change over time? How does it look when things are good, OK, and bad?"
I argued that an attempt to tackle the risk management issue is a little bit like making a New Year’s resolution to lose weight. You start off well, and have great intentions, but you trail off and don’t keep at it.
Melancon said that while organizations do have policies, they often give up because managing the continuous state of risk is a really hard problem to focus on and manage. Solving the problem of creating a "secure" state is an impossible task, but if you measure by relevant risk, it's very possible.
Melancon asks organizations to look at all their assets and ask which ones they would be OK leaving on the lawn overnight and which need to be locked up in the family safe.