Risk Management and the Adaptable Data Center®
How to Leverage Security in the Adaptable Data Center®
John Wondolowski, CTO at CMI, discussed in his recent blog how the CMI Adaptable Data Center® framework is based upon an Enterprise platform that fuses together legacy I.T. assets with future I.T. assets. It can also securely and seamlessly leverage cloud-based services. Taking into consideration the continued evolution and clearer definition of security roles and responsibilities, it is key to see how the Adaptable Data Center® can assist your enterprise with information security governance and good risk management practices.
- The assessment of risk is a standard procedure.
- Responsibilities for security are clearly defined.
- Responsibilities and standards for continuous service are enforced.
Find the Desired State Through the Adaptable Data Center®
A good security strategy is key to success but it is not the only success criteria. By using the CMI Adaptable Data Center® framework, organizations can focus attention on the desired state. This, in turn, drives attention to business critical functions that create the strategy needed to win by including the people, processes and technologies, organizational structures, culture, services, skills, competencies and regulations in the definition.
Risk management can mean different things to different people. In this instance, we are working from the ISACA definition, which states:
“In practical business terms, risk management means risk is managed so that it does not materially impact process in an adverse way, and that an acceptable level of assurance and predictability to the desired outcomes of any important organizational activity are provided for.”
Given the above, once the desired state is agreed upon using the CMI Adaptable Data Center® framework, the next important task is conducting a risk assessment. A risk assessment helps identify known vulnerabilities and identify weaknesses in the people, processes and technology in the desired state. Once identified, the impact of these can be prioritized based on the importance and value of the affected assets (information assets and/or physical assets alike) and appropriate security controls and countermeasures can be designed to mitigate the identified weaknesses.
It is widely accepted that all organizations need to take steps to protect the Confidentiality, Integrity and Availability (CIA) of their information assets. Utilizing the CMI Adaptable Data Center® framework and following sound risk management practices will help lower the probability that a threat source will be able to exploit a vulnerability. Mitigating threats and vulnerabilities greatly reduces their negative impact to the organization which can include service level agreements (SLA) violations, and financial loss.
Feel free to comment below or ask a question – CMI can help with all aspects of your information security needs, from a full security review to a penetration test, gap analysis, vulnerability assessment or complete landscape redesign. We are your Adaptable Data Center® team.
CMI – Your Adaptable Data Center Company