linking INTEGRITY

Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

A Security Disconnect, 2.11.06
Conference Board
There’s a serious security disconnect going on at our nation’s largest and most vulnerable companies: "The most supportive executives [such as CIOs] were not the most influential, and the most influential executives (senior C-suite managers) were not the most supportive." That’s the key finding from a new Conference Board report on security entitled “Navigating Risk—The Business Case for Security.”

The study measures the influence of security managers among senior executives; the Board surveyed 213 senior corporate executives not specifically responsible for security or risk matters and not CIOs, at companies at especially high risk: “critical infrastructure industries (including energy and utilities, chemicals, and transportation), large corporations, multinationals with global operations, and publicly-traded companies.”

The study found:

there is a strong disconnect between the level of support for security

It also found that while security is seen as aligned with operational risk, it’s not viewed as well-aligned with company strategy:

Companies reported less alignment of security with long-range strategic

Measures of the effectiveness of corporate security are less sophisticated than even the measures for IT or HR effectiveness. They focused on how much a problem costs, not on contribution to strategy:

The most helpful measures were the cost of business interruption (cited by 64%); vulnerability assessments (60%); and benchmarking against industry standards (49%). Another group of helpful metrics was explicitly related to insurance costs, such as the value of facilities (44%), the level of insurance premiums (39%), and the cost of previous security incidents (34%). The choice of metrics varies widely across industries.

Our own security survey has also found that management support for security is a problem (Finding 1.2).
But while our survey finds there is a trend toward greater integration of IT security with risk management (Findings 6.1 and 6.2), the Conference Board study suggests that IT security's part in the overall risk picture is not as well-understood or supported as IT executives think. It helps explain why so many IT executives complain that their company takes too tactical an approach to security (Finding 6.3). CIOs can't take support for security for granted. Maybe they should enlist the help of those anxious chief marketing officers who were surveyed in the CMO Council's study on security.