Security evangelists needed to bridge the business-IT disconnect

by Stuart Corner
Friday, 19 September 2008

IT security is something of a black art and tends to be the domain of the uber-geek, but, according to management and technology consulting firm BearingPoint, that will have to change: security specialists will need to be skilled negotiators and communicators to overcome the security 'disconnect' between business and IT.

For example, "business respondents say they are more confident about security and risk within their organisation than IT respondents and as a result business respondents estimate less spending on security and risk initiatives over the next 12 months than IT respondents."

Forrester surveyed 175 large enterprises with revenues in excess of $US250 million in the US, EMEA and Asia Pacific and asked business and security and risk executives about their priorities and challenges for risk, compliance, and security initiatives within their organisations. It found that "even though 91 percent of respondents agree that security is a CEO or board-level concern, conflicting business priorities hinder their organisation's implementation of security and risk solutions."

The problem is that, in many organisations, responsibility for risk and security management falls to several different groups instead of being vested in one centralised group with full responsibility for end-to-end risk and security management. To further complicate matters, over one third of all respondents said they had multiple bosses, with dotted-line reporting structures to HR, legal, finance, or enterprise risk.

BearingPoint concludes: "It is becoming a lot more important for security and risk professionals to be good communicators, negotiators, and advisors rather than hard-core techies… This requires having the right background to understand things from a business perspective and knowing how to help business develop technical and tactical solutions to security and risk management problems."

According to JR Reagan, BearingPoint vice president and global suite leader for risk, compliance and security, "It's clear that overly complex, dotted-line organisational structures and competing business priorities are hindering organisations' ability to effectively manage risk and security – from planning and budget to execution... If security and risk management truly is a business imperative, those responsible must have the authority to make it an organisation-wide priority."

Many respondents in the survey identified security measurement, analysis, and reporting as another key challenge. "Close to half of the business respondents say they rely on internal audits as their primary means to ensure security and compliance; very few rely on external assessments," BearingPoint said. "In addition, many organisations use informal procedures and self assessments for managing third-party and business partner risks and an astounding three in four respondents say they feel that the measurements they do have are not being used to improve decision-making or business processes."