As business demands push the adoption of emerging technologies, security risks are on the increase, with the sheer number of portable and mobile technologies being plugged in and out of corporate networks on a daily basis.

End-users are also becoming more tech-savvy as time goes on, which is seeing the emergence of personal responsibility at end-user level. Amongst the top concerns for businesses are mobile computing, removable data and wireless networks. Interestingly enough, open source software (OSS) is categorized as a possible concern, purely based on its 'unknown' factor.

Lastly, based on organizational alignment and delivery, two-thirds of respondents report that they have an IS function, but more than a quarter of them say that this function is not incorporated into the organization's overall security risk management processes.

In addition, a large percentage of the overall IS budget is spent on routine operations, something that could easily either be outsourced or automated.

The key to putting together and executing an IS strategy, Nel says, is based on standards, and not doing it alone. "Organizations need to do the right things right. We often find that businesses will do the wrong thing extremely well, however, and they generally tend to be putting out fires, instead of focusing on proactive protection."