ArabianBusiness.com - Middle East Business News
Sunday, 07 September 2008 | 10:17 UAE time

Adding up

by Sathya Mithra Ashok on Wednesday, 06 February 2008
Jeff Ogden, director of consulting at MENA for Symantec’s global services.

Risk calculation is essential but to be successful it must be an ongoing process, not a periodic snapshot.

Risk calculation and mitigation is pretty much the first thing that enterprises need to do when they want to get an accurate idea of how much and where they should invest their security money.

"Business decision-makers always look to hard numbers whenever a budget is requested.

If risk management is to be successful it must be an ongoing process, not just a periodic snapshot.

They would like to see clear dollar values associated with the risk claimed to be out there, along with a clear RoI model linked directly to the business. Additionally, it is very difficult, nearly impossible, to be sure whether the investment put in place is really making sense to the business, or not, without realising the potential losses.

Therefore, calculating the risk becomes a necessity as part of the risk management process," says Ahmed Etman, security business development manager at Cisco Middle East.

Guru Prasad, general manager for networking at FVC, agrees: "Risk assessment is absolutely essential. IT managers have to do that to be able to justify to their senior management security spend.

Basically that is the way to tell the CEO that if you don't invest in technology, these are the risks that the business faces. They have to do that assessment before the top management can say ‘yes go ahead and spend that money.'

That is one of the things we have also seen that IT managers struggle with - how to justify spending on IT and the answer is simple - just do risk assessment. It is like selling insurance; unless you are really told what could happen or something really happens to you, you never think about buying insurance.

The same concept applies when buying security products and solutions.

Apart from helping IT managers and higher management plan the security budget more accurately, risk assessment is essential for enterprises to understand the threats that are likely to visit them and acts as a reliable guide to fashion policies to prevent or subdue attack vectors.

In spite of the obvious necessity of risk assessment, many Middle East enterprises remain either ignorant of the concept or shy away from the prospect of using it to advantage.

"We cannot deny that the majority of enterprises in the region are still in their infancy when it comes to such disciplines in information security management practices; however, the progress is certainly obviously moving in the right direction.

Over the last few years, several organisations, mainly in the government sector, have been heavily focused on creating security and risk management frameworks," says Etman.

"In the Middle East, probably less than 25% of enterprises do risk assessment.

A lot of them are working on standards such as ISO 27001 but I don't think they are necessarily connecting security to business functions. Of this 25%, I would say less than 10% understand the concept and think and manage the organisation from a risk perspective," states Jeff Ogden, director of consulting at MENA for Symantec's global services.

It is essential that Middle East enterprises not only understand the importance of conducting risk assessment but also put in place the right processes for getting the most out of the procedure.

Understanding risk

According to Symantec's recent white paper, many people confuse threats and vulnerabilities with risk.

To be at risk, an organisation needs to be subject to a threat that is able to exploit a vulnerability and then go on to cause an impact on some system or process that it is operating. All three elements: threat, vulnerability and impact need to be present for you to be at risk.

