The Security Risk Management Guide
© 2006 Microsoft Corporation. This work is licensed under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
Contents
Chapter 1: Introduction to the Security Risk Management Guide
Executive Summary
The Environmental Challenges
Most organizations recognize the critical role that information technology (IT) plays in supporting their business objectives. But today's highly connected IT infrastructures exist in an environment that is increasingly hostile—attacks are mounted more frequently and demand ever shorter reaction times. Often, organizations are unable to react to new security threats before their business is impacted. Managing the security of their infrastructures—and the business value that those infrastructures deliver—has become a primary concern for IT departments.
Furthermore, new legislation that stems from privacy concerns, financial obligations, and corporate governance is forcing organizations to manage their IT infrastructures more closely and effectively than in the past. Many government agencies and organizations that do business with those agencies are mandated by law to maintain a minimum level of security oversight. Failure to proactively manage security may put executives and whole organizations at risk due to breaches in fiduciary and legal responsibilities.
A Better Way
The Microsoft approach to security risk management is a proactive process that can assist organizations of all sizes in responding to the requirements presented by these environmental and legal challenges. A formal security risk management process enables