The 2013 IBM Chief Information Security Officer Assessment takes the pulse of security leaders: stakes and opportunities.
Security threats are steadily gaining in sophistication and scale. This
means that security leaders constantly have to improve and develop their technologies.
The 2013 IBM Chief Information Security Officer Assessment captured by
Connectikpeople shows that a constantly evolving threat
landscape, emerging technologies and budgetary restraints are requiring
security leaders to play a more active role in communicating with C-suite
leaders and with their boards, as the rise in security incidents impacts
brand reputation and customer trust. Additionally, cloud and mobile
adoption continues to grow as a focus area for the majority of
security leaders.
According to the findings, while security leaders are looking to move
mobile security beyond technology and toward policy and strategy,
less than 40% of organizations have
deployed specific response policies for personally owned devices or an
enterprise strategy for bring-your-own-device (BYOD).
Nearly 76% of security leaders interviewed have deployed some type of cloud
security service, the most popular being data monitoring and audit, along
with federated identity and access management (both at 39 percent). While
cloud and mobile continue to receive a lot of attention within many
organizations, foundational technologies that security leaders are focusing on
include identity and access management (51%), network intrusion prevention and
vulnerability scanning (39%) and database security (32%).
The security leaders interviewed stress the need for strong business vision, strategy
and policies, comprehensive risk management, and effective business relations
to be impactful in their roles. Understanding the concerns of the C-suite is
also critical as more seasoned security leaders meet
regularly with their board and C-suite leaders.
The top trends that they discuss include identifying and assessing risks
(59 percent), resolving budget issues and requests (49 percent) and new
technology deployments (44 percent).
When asked what advice they would give to a new security leader,
respondents recommended a strong emphasis on vision, strategy and policies,
comprehensive risk management and effective business relations.
Security leaders continue to use metrics mainly to guide budgeting
and to make the case for new technology investments. In some cases, they
use measurements to help develop strategic priorities for their security
organizations. In general, however, technical and business metrics are still
focused on operational issues. For example, over 90 percent of respondents
track the number of security incidents, lost or stolen records, data or
devices, and audit and compliance status, fundamental dimensions security
leaders would be expected to track. Far fewer respondents are feeding business
and security measures into their enterprise risk process even though security
leaders say the impact of security on overall enterprise risk is their most
important success factor.
“It’s evident in this study that security leaders need to focus on finding
the delicate balance between developing a strong, holistic security and risk
management strategy, while implementing more advanced and strategic
capabilities such as robust mobile security that includes policies for
BYOD,” said David Jarvis, co-author of the report and manager at the IBM
Center for Applied Insights.
About the Assessment
The IBM Center for Applied Insights, in collaboration with IBM Security Systems and IBM Security Services, conducted in-depth interviews with senior leaders who have responsibility for information security in their organizations. The goal of the interviews was to identify specific organizational practices and behaviors that could strengthen the role and influence of other security leaders. To maintain continuity, interviewees were recruited from the pool of 2012 research participants – 80 percent of those recruited were prior participants – with an emphasis on more mature security leaders. Interviewees were from a broad range of industries and four countries.
About IBM Security
IBM provides the expertise, skills, services and technology to help clients reduce the cost and complexity of securing IT infrastructures. IBM solutions include planning and design through implementation, testing, monitoring and management of multi-vendor environments.