computerwoche.de

Archiv

IBM: The rapidly changing role of top security executives

04.05.2012

• Nearly two-thirds of security leaders say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention. One of the chief attributes of a leading organization is having the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. In fact, 60% of the advanced organizations named security as a regular boardroom topic, compared to only 22% of the least advanced organizations, IBM said.

• Attention is shifting toward risk management. In two years, security leaders expect to be spending more of their time on reduction of potential future risk, and less on mitigation of current threats and management of regulatory and compliance issues. According to IBM, forward-thinking security organizations are more likely to establish a security steering committee to encourage systemic approaches to security issues that span legal, business operations, finance, and human resources. Fully 68% of advanced organizations had a risk committee, versus only 26% in the least advanced group. Use of data-driven decision making and measurement: Leading organizations are twice as likely to use metrics to monitor progress, the study showed (59% vs. 26%).

• Shared budgetary responsibility with the C-suite: The study showed that within most organizations, CIOs typically have control over the information security budget. However, among highly ranked organizations, investment authority lies with business leaders more often. In the most advanced organizations, CEOs were just as likely as CIOs to be steering information security budgets. Lower ranking organizations often lacked a dedicated budget line item altogether, indicating a more tactical, fragmented approach to security. Fully 71% of advanced organizations had a dedicated security budget line item compared to 27% of the least mature group, IBM said.

Follow Michael Cooney on Twitter: @nwwlayer8 and on Facebook.

in Network World's Wide Area Network section.