Information Risk Management

Key Solution Advisory

Information Risk Management Solution Advisory

New! Understand the key steps you can take to start implementing a risk-oriented approach to security.


Vantage Magazine Article

RSA's Strategy for Information Risk Management: Taking a holistic, risk-based approach to IT Security


Three Pillars to an Information Risk Strategy

Information Risk Management follows information throughout its lifecycle, as it is created, distributed, stored, copied, transformed and interacted with.

1) Information-centric approach: Begin by understanding what information is critical to key business initiatives, such as growth through acquisitions or expanding partnerships. Then diligently ‘follow the data’ to gain a more holistic view of all the places where it exists across the organization, where the points of vulnerability are, and what events could put your business at risk.

2) Risk/Reward analysis: Security investments should be prioritized, based on the amount of risk a given activity entails relative to the potential business reward, and in keeping with the organization’s appetite for risk.

3) Ensuring repeatability: Once enterprise information has been located and a risk assessment performed, the next step is to implement controls — including policies, technologies, and tools — to mitigate that risk. Here, organizations often turn to frameworks like ISO 27002 and the PCI Data Security Standard.