The state of risk-based security management
Posted on 25 June 2013.
A new Ponemon Institute survey covers risk-based security management program governance and maturity and includes 571 U.K. and 749 U.S. respondents from the following areas: IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management.


“The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task,” noted Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Unfortunately, the full value of a risk-based approach to security can only be realized when senior business leaders fully participate in the process.”

Key findings from the survey include:
  • 77% rated their organizations’ commitment to risk-based security management as ‘significant’ or ‘very significant’
  • 86% identified the minimization of non-compliance as a key business objectives for risk-based security programs and 85% identified the protection of intellectual property
  • 59% say that risk-based security management helps align security programs with business objectives.
However:
  • 48% say their organizations approach or strategy for risk-based security management is non-existent or ‘ad-hoc’
  • 61% say that the business has little or no input involvement in providing risk-based analysis
  • 51% don’t have a risk-based security management program or most program activities have not been deployed
  • Only 27% have a security risk management strategy that is applied consistently across the enterprise.





Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //