Computers, networks, and information security seem to fall comfortably under the heading of science, but science alone is not enough. Security system developer Tripwire recently conducted a survey in cooperation with the Ponemon Institute to find out whether IT professionals consider risk management to be “science” or “art.”
Ponemon surveyed 1,320 respondents across the United States and the United Kingdom: IT professionals working in information security, risk management, IT operations, business operations, and compliance. Participants were asked, “In your opinion, is information security risk management an ‘art’ or ‘science’?”
Ponemon defined the two concepts for the purposes of the survey. “Science” means basing decisions on objective, quantifiable metrics and data. “Art” refers to analysis and decisions that are based on intuition, expertise, and a holistic view of the organization.
Two-thirds of those from IT and enterprise risk management or business operations sided with “art,” while nearly two-thirds of the respondents who work in IT security and IT operations chose “science.”
To read this article in full or to leave a comment, please click here