Risk management was definitely the buzzword du jour at both the 2012 RSA Conference and Security B-Sides in San Francisco. Everything is being called a risk management tool, even if it’s just dealing with threats and vulnerabilities, said Ben Tomhave (@falconsview), blogger of Falcon’s View.
Tomhave argues that the new vendor options are not new security, but they definitely offer a key component of security.
“Everyone wants to be part of that risk management pie, especially from a vendor perspective,” said Tomhave. For example, as Tomhave pointed out, vulnerability scan companies are now talking about security risk intelligence. It’s not that they’re doing risk management, but they’re generating values that go into a risk calculation.
These so-called “risk” tools are not actually quantifying the impact, which is critical to doing a risk management analysis. There’s some term confusion as there’s a rush to fill that void of solving the risk management problem, Tomhave said.
Financial services were the first to adopt a lot of these risk management practices. The trick is to help the other 99 percent of the companies to follow suit, said Tomhave.