Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, December 13, 2007

Companies are Thinking of Information Security as a Strategic Asset

Ernst & Young issued findings from its tenth Global Information Security Survey and concluded that a growing number of firms recognize the other fringe benefits of keeping data safe.  E&Y polled about 1,300 senior executives in over 50 countries and found that although compliance is still a big driver of info sec initiatives, almost half of respondents (45 percent) said that meeting business objectives were among their top three drivers of information security.

I think this trend can also be examined from the angle of compliance with PCI standards—- payment card industry data security standards (PCI DSS).  Visa certainly didn’t like this behavior and was at the forefront of levying fines against offending merchants for not passing their PCI audits.  The council is adopting more stringent standards and requirements around keeping card data safe for all those involved in the payments chain—-banks included.

It’s encouraging to see that information security is taking on greater importance at organizations, even beyond compliance requirements.

Getting back to the E&Y study, the firm found that companies are better integrating their information security and risk management initiatives (82 percent of respondents).  More than two-thirds (69 percent) of respondents felt that information security improves IT and operational efficiencies.

This finding sharply contrasts to previous years, according to the firm, when information security was viewed as a barrier to IT and operational efficiency.

Nearly a third of respondents said they never meet with their board or audit committee.

Although E&Y didn’t specify the kinds of companies involved in the study, it’s not too difficult to draw parallels to the financial services industry.;jsessionid=CESVIN0SMPC0UQSNDLPSKH0CJUNN2JVN

Posted on 12/13