Growing Security Awareness Driving Risk Assessments
A heightened awareness of security on the part of business managers is driving demand for information security risk assessment from major auditing firms, according to a KPMG partner.
"There is a distinction between what an insurance company is requiring and what managers are asking us to do," says Lindig.
Lindig is the national partner in charge of KPMG's Information Risk Management practice. He has more than 19 years of experience in providing risk management services to clients in multiple industries.
Another strong driver of information security risk assessment is increasing federal regulation of certain industries, including a looming January 2004 deadline for the security certifications that the Federal Energy Regulatory Commission now requires of gas, pipeline and electrical utility providers.
"If you have a system that is not well controlled from a security perspective, you really cannot rely on the other controls in that system," Lindig suggests.
Typical vulnerabilities KPMG's auditors find when they perform an information security risk assessment include:
"The customer has to tune the monitoring platform for everything they want to monitor," Lindig advises.
March 26, 2003