Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

IT risks being filtered from senior management reports

Tripwire Inc : 06 September, 2013  (Technical Article)
Survey from Tripwire indicates more than half of IT security professioinals are filtering information to hide negative facts from corporate management teams
IT risks being filtered from senior management reports

Tripwire has released results from an extensive study focused on the state of risk-based security management with the Ponemon Institute. The study examined the disconnect between an organization’s commitments to risk-based security management and its ability to develop the collaboration, communication styles and culture necessary to security programs effective across the organization.

Key findings from the survey include:

* 61 percent said they don’t communicate security risk with senior executives or only communicate when a serious security risk is revealed

* 38 percent said that collaboration between security risk management and business is poor, non-existent or adversarial. 47 percent rated their communication of relevant security risks to executives as “not effective”

When asked why communicating relevant security risks to executives was not effective:

* 57 percent of the respondents said communications are too siloed
* 63 percent said communication occurs at too low a level
* 56 percent said the information is too technical to be understood by non-technical management
* 50 percent said negative facts are filtered before being disclosed to senior executives and the CEO
* 35 percent said it takes too much time to prepare report metrics to senior executives

“Risk-based security is an extremely complex problem where predictability and outcomes are constantly changing”, said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This means even the most secure and sophisticated organizations experience risk because there are too many variables in play. Effective communication and collaboration across the organization are crucial in mitigating this risk.”

“Risk provides the common language that enables the a broader business conversation about cyber security risks, particularly when dealing with non-technical executives”, noted Dwayne Melancon, chief technology officer for Tripwire. “However, it's clear from this report that most organizations are missing the majority of opportunities to integrate security risks into day-to-day business decisions. Changing this paradigm will require security professionals to develop new communication skills so they can talk about security risks in terms that are clearly relevant to the top-level business goals.”

The study respondents included 749 US and 571 UK professionals in the following areas: IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo