Majority of IT Managers Want to Improve Risk Management

Sue Marquette Poremba

So often we hear about the things employees do to put enterprise security at risk. In a survey of IT managers, Courion Corporation asked what some of those risks were. The answers weren't too surprising, as the top risks included the potential losses of sensitive data, corporate reputation, intellectual property and revenue.


But the Courion survey showed something a little different than the typical risk-related survey. It showed a real disconnect between risk concerns and the actual solutions. According to the survey, very few IT managers (12 percent) bother to do regular reviews to make sure user access isn't a risk factor. As Courion pointed out in a release:

They're not focused on identifying new or growing areas of access risk from internal users abusing privileges. With internal and external threats to data multiplying quickly, such infrequent reviews aren't keeping pace with the growth of user access risk levels.

Here's a statistic from the survey that jumped out at me: Fewer than 10 percent feared losing their jobs because of a serious data breach caused by inappropriate user access.


Not that I advocate anyone losing his or her job, but my takeaway from this survey is that no one seems to want to step up and take responsibility for making sure data is secure and, in this case, making sure that the proper steps for granting user access are followed.


Now it appears that the majority of IT managers say they want to improve risk management. Fifty-two percent want to be able to manage critical risks to enterprise data using real-time graphical profiles. But 53 percent said they lack visibility into the risk management data they need to create these profiles.


Security risks from improper user access are a serious problem. A Government Accountability Office report from late last year showed that federal security breaches rose 650 percent over a five-year period. While there were a number of reasons, one that was pointed out was inappropriate user access. For example, an article at NextGen pointed out:

The assessment cited a recent audit that found IRS has neglected to block employees from using databases they aren't required to access for their jobs.
"As a result, financial and taxpayer information remain unnecessarily vulnerable to insider threats and at increased risk of unauthorized disclosure, modification, or destruction," the report said.

The Courion report rightly shows that there is a problem and that there are IT managers who not only see the problem, but want to fix it. The next step is making that happen.

Feb 9, 2012 7:33 AM Colm Colm  says:


Having worked as an IT manager for a number of years, I think you make a few very valid points. When I changed company (who were really focused on security), I remember thinking to myself how easy it was to gain access to information in my previous job. I was shocked how easy it was to gain access to servers and financial information.

I think most of these come down to 2 things:

1. Lack of knowledge

2. Too busy firefighting day-to-day

I also agree that many IT managers want to make changes, and it's an area they should and need to be focused on.


