White Paper: Building a Security and Risk Strategy for emerging technologies


High Performers & Foundational Controls: Building a strategy for Security and Risk Management 


This Enterprise Management Associates White Paper discusses building a strategy for security and risk management.


With all the attention given to the increasing sophistication of threats, and the security implications of technology trends such as virtualisation and cloud computing, are enterprises ready for tomorrow's security risks? These are the questions being addressed in this white paper.


The White Paper concludes that for many organisations the answer is no!

EMA examines a number of broad enterprise-based issues that must be considered in order to establish a solid foundation for risk management and IT security. Interestingly, this White Paper analyses key traits that distinguish high performance. Its conclusions illustrate the importance of defined objectives that are implemented and enforced. Whilst this may come as no great surprise to those working within the field, the best practice model illustrated follows the plan-do-check-act model consistently seen at the core of standards development.


In considering the questions posed, the paper addresses not only critical success factors, but also how to begin and lay proper foundations for effective risk control. It also analyses and comments on a number of techniques that are able to mitigate security and risk threats. A number of aspects are particularly relevant to the broader thinking, such as questioning an attitude based upon "threat defence" without proper consideration of the broader management of vulnerabilities. It also raises, in the broadest sense, vulnerabilities arising from gaps in the management processes used and dependence on human factors.


A significant point raised was the interconnection of security and risk management with other management initiatives, particularly relating to compliance and quality management. This reinforces the position of the Continuity Forum that no aspect of the business or organisation can be considered a silo, and that effective business continuity, risk management and security can only be gained through an integrated and measured approach.


This white paper was commissioned by IBM in 2009 and is available for download here