"The purpose and needs for these is to establish those same business tools for information security professionals to enable them to make better business decisions," Center for Internet Security Chief Security Officer Steven Piliero says.
Responding to market demand is ISACA, the non-profit security organization, which launched the Certified in Risk and Information Systems Control certification for IT risk professionals early this year.
Debbie Christofferson has worked in IT and information security for many years. And if there's anything she's learned about risk management, it's this: It's all about risk. "All of your decisions about information security should be based on risk to the organization."