Enterprises Need to Improve IT Vendor Risk Management
I had the pleasure of attending a presentation given by Dr. Ron Ross, a fellow at the National Institute of Standards and Technology (NIST). Ron’s areas of specialization include information security, risk management, and systems security engineering.
In his presentation, Dr. Ross delivered a bit of a counterintuitive message on cybersecurity by stating, “We have to stop obsessing about threats and start focusing on asset protection.” To drive home this point, Dr. Ross added, “If 90% of our bridges were failing, we’d mobilize teams of engineers right away. Yet when 90% of our IT systems are insecure, we focus a good part of our attention on external threats.”