Report: Organizations recognize security risks, slow to take action

A recent study has found a significant gap between perceived risk and the actual safeguarding of sensitive data.

First and foremost, organizations must “determine the location of information assets and the control practices that exist to protect it,” he said.

From there, they must create a governance process that prioritizes information based on its importance or risk to the company, then applies rules and policies to the use and propagation of the data.

“Third, organizations should invest in technologies that help IT and IT security practitioners to gain visibility over the information lifecycle (i.e., creation, collection, use, sharing and retention of information assets),” Ponemon said.

And lastly, they must “establish metrics for success to ensure that the above steps are reducing the risk of data loss or theft,” he said.

If companies do not close the gap between needing to protect data and actually protecting it, especially business-critical information assets, they could face costly consequences “in terms of customer churn, diminished reputation and legal actions,” Ponemon said.

“In short, ‘ignorance is bliss’ is not an acceptable defense,” he added.
