Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

CISOs are only part of the plan

These and other questions were just some that were answered in a recent study, Do CISOs Add Value?, conducted by Jon Oltsik of the Enterprise Strategy Group. Comparing organizations with and without CISOs, the study surveyed 227 North America-based security professionals from organizations with more than 1,000 employees.

Although some of the findings were not unexpected, many were a bit disheartening. For example, only 27 percent of companies with CISOs and eight percent without them believe currently implemented infosec technologies completely enforce confidential data security policies. Further, a meager 20 percent of organizations with CISOs and 14 percent without rate their security policies and processes as excellent in protecting confidential data.

Despite such low stats, 81 percent of all the pros surveyed say that enforcing confidential data security policies is the top priority. Still other priorities include communication and training employees on confidential data security policies, defining and updating these policies, and implementing access controls. But goals set and goals met are two different animals.

The research does seem to indicate that organizations do a better job of fortifying their security postures with a CISO on staff to lead related efforts. With or without them, however, companies are still flailing at adequately addressing various security goals, such as establishing email and

IM polices, setting security policies on laptops and desktops, monitoring and auditing confidential data policies, and much more.

So what does all this mean? Headway is being made, but a CISO is just one part in bettering a company's security stance. These IT security leaders still need company-wide support. And such far-reaching planning, says Oltsik, "won't be easy or cheap. It is a long-term organizational commitment..."

Clearly, one that still needs to be taken on by many government and private entities alike - or else investor and consumer uncertainty will prove irreversible as the number of exposed identities continues to rise.

Illena Armstrong is editor-in-chief.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.