There has been much discussion of risk-based security, especially since security budgets and headcount have been increasingly constrained.
According to a report from the Ponemon Institute, adoption of this philosophy continues to grow, with 77% of respondents in the UK claiming a significant or very significant commitment to risk-based security.
However, we have found many organisations are uncertain how to implement it in a practical and pragmatic way.
Our response has been to create a simple process for the identification, analysis and prioritisation of risks that can be implemented without the need for significant investment in time or money.
The challenge for most businesses seems to stem from three areas of weakness, which must be addressed in order for any risk-based approach to succeed: