IT security pros must increase risk appetite

[InfoSec News <alerts () infosecnews org>]

http://www.zdnet.com/it-security-pros-must-increase-risk-appetite-7000003130/

By Liau Yun Qing
ZDNet.com
August 24, 2012

SINGAPORE -- IT security professionals will need to be more open to 
risks with regard to mobile device management in order to support, and 
not hinder, business needs. It will need close cooperation with other 
departments such as legal and human resource to fulfill its role though, 
one Gartner analyst says.

Christian Byrnes, managing vice president at Gartner, said during an 
information security conference here on Friday that IT security 
employees tend to fear risk and would over-react when it comes to 
managing the bring-your-own-device trend within the organization.

The worst-case scenario for risk-adverse professionals would be for them 
to create security policies that stop employees from carrying out their 
job duties, Byrnes elaborated. For example, IT would try to impose rigid 
security rules that makes accessing company data via workers' mobile 
devices more difficult, and these situations occur because the IT team 
lacks knowledge of the risks involved and how to protect corporate data 
on mobile devices, he said.

However, businesses by nature "strive on risk" for growth and IT 
security professionals will need to change their mindsets in order to 
make a positive impact, he urged.

[...]