Discover Performance

HP Software's community for IT leaders // March 2012

Five steps to limit business risk

Effective risk management through true enterprise security intelligence starts with a simple process.

Limiting risk is a major touchstone of executive success, arguably as important as revenue growth. For today's enterprise, IT risk is everywhere: attacks, accidental breaches, compliance failures. IT executives need a broad perspective on risks to the enterprise.

That comprehensive view of your IT security stance is coming to be known as enterprise security intelligence (ESI). ESI moves away from ineffective, siloed security initiatives in favor of an integrated security framework for the entire organization.

"An important part of what ESI can do for a company is to encourage holistic, coordinated planning," says Alan Kessler, vice president for enterprise security at HP. "When you're consistently proactive about your security plans, implementing the methodology that will limit risk comes much more easily."

But elevating your perspective on IT security beyond "Are all my patches up to date?" requires a systematic approach to understanding the greater concept of business risk. Get there by following five basic steps:

Step 1—Assess your needs.
Inventory all assets that may require security and understand their overall importance to the business. As part of your assessment, categorize issues as high, medium, or low importance. With a low-risk asset, such as a blog, minimal security may be sufficient, whereas a web-based payroll application is sure to need robust security.

Step 2—Identify your objectives.
For each issue found during the assessment phase, identify the outcome you want. This process is especially important for mission-critical and high-risk applications. Do you need a kill switch that can terminate a process immediately? Do you need a real-time dashboard for monitoring security or are end-of-day reports sufficient?

Step 3—Research the possible solutions.For each issue, know which options are available to achieve the objective you've set. How will you get there? For example, if you need a firewall and an intrusion detection system (IDS), whom can you rely on to provide it?

Step 4—Test and evaluate the potential solutions.
Before you decide on a solution, perform a detailed pilot test. This is especially important if your new solution sits within the network and can potentially cause mission-critical outages. You should know ahead of time whether there are any business requirements that the target solution cannot address.

Step 5—Appoint specialists to shepherd the implementation.
You'll need to decide whether to manage the implementation in-house or hire professional services. Assess the skills of your IT staff and their available bandwidth. Meanwhile, request bids for managed services. Outside professionals bring focus and expertise to your project and can often provide training for in-house staff.

Lower risk, high reward
This sort of simple, strategically coordinated security assessment is an excellent springboard to ESI. Organizations that approach security and business risk in this way can expect to improve the effectiveness of security across the enterprise and limit all types of business risk.

To learn more about ESI and ways to limit your business risk, visit


IT leader assessment

This tool evaluates the correlation between IT attributes and business success and, based on how your answers compare with average scores, will advise you where to invest in IT.

It is based on data HP collected from 650 global companies about a range of IT characteristics (server capacities, approach to information management, security, BYOD, etc.) and how they correlate to revenue gain. This assessment will compare your answers to the average scores in that study.

There are 12 questions that will require an estimated 10 minutes of your time. You'll receive a summary of your rating upon completion.

Let's get started

Please select an answer.


Your answer:
Your score:
Average score:
Revenue leaders' score:


Please select an answer.



Your score:
Average score:
Revenue leaders' score:

Get detailed results:


Popular tags


Discover Performance Weekly

HP Software’s Paul Muller hosts a weekly video digging into the hottest IT issues. Check out the latest episodes.

Enterprise 20/20

Security 20/20

Preparing today for tomorrow’s threats.

Introduction to Enterprise 20/20

What will a successful enterprise look like in the future?

CIO 20/20

Challenges and opportunities for the CIO of the future.

Dev Center 20/20

How will we organize development centers for the apps that will power our enterprises?

Marketing 20/20

Welcome to a new reality of split-second decisions and marketing by the numbers.

IT Operations 20/20

How can you achieve the data center of the future?

Employee 20/20

What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.

Mobility 20/20

Looking toward the era when everyone — and everything — is connected.

Data Center 20/20

The innovation and revenue engine of the enterprise.

Read more

HP Software related

Most read articles

Discover Performance


Tweets @ HPSecurity