July 31, 2012 // By: Heather McIlvaine // Information Security Found Lacking
While it’s apparent that existing information security policies aren’t what you would call ideal, the survey makes it clear that quality risk management is especially lacking. Researchers don’t have an explanation for this disparity. But what exactly is the difference between these two policies?
Information security is a set of standards and processes to ensure confidentiality and integrity during the exchange of information. Risk management is the process by which an enterprise identifies potential risks and finds ways to reduce or avoid them. For example, a company might ask itself: What is the likelihood of a cyber attack? What would the impact on the enterprise be if one happened? What can we do to prevent those consequences, or diminish them?