IT Security Foundation: Assessing IT Adversarial Risk for Digital Transformation
This IDC study describes a formal risk assessment process that can be used by CISOs to evaluate the nature and extent of IT adversarial risk associated with a digital transformation initiative. It can be applied at a high level by CIOs — associated with a broad organizationwide security program — or in a more in-depth way by program managers as the scope of a project becomes more defined. This study focuses on enterprise security, enterprise architecture, and IT services management."Organizations often make 'seat of the pants' determinations about the need for security," said Pete Lindstrom, vice president of Security Strategies, "But the only way to truly understand the effectiveness of a program is to implement a risk assessment program complete with a feedback loop."