TDR

Report says C-level execs more involved with security

May 9, 2008
The major data breaches that have received mass mediacoverage are driving so-called "C-level" executives to becomeactively involved in their organization's security policies, according to a newreport from the (ISC)2.

There are several key "take-aways" from thereport, titled "2008 (ISC)2 Global Information Security Workforce" and authored by Rob Ayoub, Frost & Sullivan's network securityindustry manager.

Ayoub told SCMagazineUS.com that these include the fact thatC-level executives are paying attention to security, the overall optimism ofsecurity professionals is increaing and organizations are focusing more onbusiness continuity and disaster recovery.

"CEOs are asking their security professionalsimportant questions about how they're prepared to not become another TJX,"Ayoub explained. "We've heard a lotin the past about upper management taking a role in security; this time it isvalidated."

Nearly three-quarters (73 percent) of the survey of 7,548security professionals reported that they're concerned about the impact of servicedowntime and damage to the organization's reputation.

"Public reputationwas very important, and these are issues we haven't seen concern inbefore," Ayoub said.

“The study confirms for me that security is becoming abroader issue and is moving up the stack into the priorities of business folksas well,” Howard A. Schmidt, the ISC2's security strategist, toldSCMagazineUS.com. “Executives are seeing that breaches can have far-reachingconsequences throughout their business, impacting corporate reputation, theprivacy of customer data, identity theft and of course legal and regulatorycompliance.”

In addition, 70 percent said customer issues related toprivacy violations were high priority, as were customer identity theft issues(67 percent). Other top-of-mind issues included concern about viruses and wormsand insider threats.

The top five new security technologies enterprisesare deploying now are biometrics, wireless, disaster recovery, intrusionprevention and cryptography, the report indicated. Ayoub said he was surprisedthat disaster recovery climbed into the “top five” realm this year.

Disaster recovery has become a key issue "becausecompanies rely so heavily on the internet for employee communications and toreact with customers,” Ayoub said. “They realize they need to have a soliddisaster-recovery plan."

"Public incidents are driving an awareness indisaster-recovery technologies," he added. "Company executives areseeing events on the news and want to know how they're prepared to deal with afire or a hurricane."

Ayoub also said the report indicated companies planned to spend more money on security training, and that security professionalsare "optimistic" about their job.

All this points to the conclusionthat more C-level executives are "showing actual concern about what theirsecurity professionals are doing and not just paying lip service," Ayoubsaid.

prestitial ad