Symantec Report Takes Aim At Persistent Myths About IT Risk

IT Risk—encompassing security, availability, performance, and compliance elements—has become a critical issue for executives and boards of directors. Yet some common myths about IT risk persist, and they need to be dispelled if IT risk is to be managed effectively.

So concludes Volume 2 of the Symantec IT Risk Management Report, issued in late January. Based on survey responses from more than 400 IT professionals in 39 industry sectors, this latest report builds upon the findings of Volume 1, which was released in February 2007.

What changed in a year?
The initial IT Risk Management Report, based on more than 500 interviews, concluded that best-in-class organizations—even though they face higher risk levels—experience fewer incidents than less-effective organizations. Their effective defense against more intense attack may be attributable to balanced investments across a range of controls to mitigate the full spectrum of IT risks.

Volume 2 extends and further defines some of the key issues and trends raised in the first report. For example, awareness of the importance of IT risk management to organizations and the IT profession itself continues to rise. However, this awareness hasn't yet "dispelled a few persistent misunderstandings about the nature and extent of IT risk, the best ways to manage it, and the shortcuts and traps that lie along the path."

Specifically, Volume 2 identifies four persistent myths about IT risk management