The State of Risk-Based Security Management

Risk-based security management (RBSM) is rapidly gaining acceptance as an essential security practice. But how far along are organizations with it? Ponemon Institute and Tripwire teamed up to explore the state of RBSM in the US. Discover the study’s key findings:


- Although organizations profess a strong commitment to RBSM, they’re taking little action


- Those organizations with a formal approach to RBSM tend to walk the talk


- Most organizations implement the appropriate preventive controls, but neglect to implement sufficient detective controls


- Position level of the respondent in the organization affects how threats rank on their "Security Fright Index"


- How perceptions of RBSM differ in the US, the UK, Germany and the Netherlands