SlideShare une entreprise Scribd logo

Insights from the IBM Chief Information Security Officer Assessment

IBM Security
IBM Security

To obtain a global snapshot of security leaders’ strategies and approaches, the IBM Center for Applied Insights conducted double-blind interviews with 138 security leaders – the IT and line-of-business executives responsible for information security in their enterprises. Some of these leaders carried the title of Chief Information Security Officer (CISO), but given the diversity of organizational structures, many did not. The Center supplemented this quantitative research through in-depth conversations with 25 information security leaders. Participation spanned a broad range of industries and seven different countries. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees.

TechnologieActualités & Politique
1  sur  12
Télécharger pour lire hors ligne
IBM Center for Applied Insights Finding a strategic voice Insights from the 2012 IBM Chief Information Security Officer Assessment
To obtain a global snapshot of security leaders’ strategies and approaches, the IBM Center for Applied Insights conducted double-blind interviews with 138 security leaders –the IT and line-of-business executives responsible for information security in their enterprises. Some of these leaders carried the title of Chief Information Security Officer (CISO), but given the diversity of organizational structures, many did not. The Center supplemented this quantitative research through in-depth conversations with 25 information security leaders. Participation spanned a broad range of industries and seven different countries. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees. This study–along with other security and risk management resources for CIOs and CISOs–is available from ibm.com/ smarter/cai/security. About the study
IBM Center for Applied Insights 3 “Security leaders are becoming more closely integrated into the business – and more independent of information technology.” – Senior VP of IT, Energy and Utilities3 The changing security landscape: What we learned Charged with protecting some of the enterprise’s most valuable assets–money, customer data, intellectual property and even its brand–security leaders are under intense pressure. Our study findings point to major shifts in attitudes and clear recognition of the strategic importance of information security: • Business leaders are increasingly concerned with security issues. Nearly two-thirds of security leaders say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention. • Budgets are expected to increase. Two-thirds of security leaders expect spending on information security to rise over the next two years. Of those, almost 90 percent antici- pate double-digit growth. One in ten expects increases of 50 percent or more. • Attention is shifting toward risk management. In two years, security leaders expect to be spending more of their time on reduction of potential future risk, and less on mitigation of current threats and management of regulatory and compliance issues. With explosive growth in connectivity and collaboration, information security is becoming increasingly complex and difficult to manage. Yet, some security organizations are rising to the challenge. Our research reveals a distinct pattern of progression–and distinguishing traits of those that are most confident and capable. These forward-thinkers are taking a more proactive, integrated and strategic approach to security, highlighting models worth emulating and the emerging business leadership role of the Chief Information Security Officer (CISO). In today’s hyper-connected world, information security is expanding beyond its technical silo into a strategic, enterprise- wide priority. It takes only a glance at news headlines to see why. In 2011, the corporate world experienced the second- highest data loss total since 2004.1 Security leaders are navigating a period of significant change. IT is no longer confined to the back office or even the enter- prise. Entire value chains, from suppliers to customers, are electronically connected and collaborating as never before. Devices and ways of accessing information are proliferating. The number of mobile workers is expected to reach 1.3 billion by 2015. At the same time, mobile security threats are increasing–up almost 20 percent in 2011.2 It all adds up to much greater vulnerability. While many organizations remain in crisis response mode, some have moved beyond a reactive stance and are taking steps to reduce future risk. They see themselves as more mature in their security-related capabilities and better prepared to meet new threats. What have these enterprises done to create greater confidence? More importantly, can their actions show the way forward for others?
4 Finding a strategic voice “Security leaders are more accountable to the business now. Their audience is expanding.” – CIO, Insurance How prepared are organizations…really? When security leaders rank themselves on their organizations’ maturity and their ability to handle or avoid a breach, three types of organizations emerge, as shown in Figure 1: • Influencers–This group’s members, 25 percent of those surveyed, see their security organizations as progressive, ranking themselves highly in both maturity and prepared- ness. These security leaders have business influence and authority–a strategic voice in the enterprise. • Protectors–Comprising almost half of our sample, these security leaders recognize the importance of information security as a strategic priority. However, they lack important measurement insight and the necessary budget authority to fully transform their enterprises’ security approach. • Responders–This group remains largely in response mode, working to protect the enterprise and comply with regulations and standards but struggling to make strategic headway. They may not yet have the resources or business influence to drive significant change. Knowing that some companies are very confident while others see gaps raises an important question. What are Influencers doing differently? • External threats are the primary security challenge. Drawing far more attention than internal threats, technology introduction or regulatory compliance, outside threats top the list of security concerns. • Mobile security is a major focus. Given increasingly mobile workforces and the high rate of wireless device adoption, more than half of security leaders say mobile security will be their major technology challenge over the next two years. Across the board, we saw general agreement on the heightened importance of information security. And most companies report having a centralized security function. However, looking deeper–at the actions, plans and strategies of security leaders–we found great disparity in how organizations are actually implementing “centralized” security. Figure 1: Only one-quarter of security leaders believe their organizations are mature and have high confidence in their ability to avoid or contain a breach. Self-assessment of maturity and preparedness Breachpreparedness HighSecurity organization maturityLow HighLow Influencers 25% Protectors 47% Responders 28% = 5 respondents
IBM Center for Applied Insights 5 CIO (30%) IT VP/Director/Manager (24%) CFO (18%) New security technology (46%) Updating business processes (36%) CIO (32%) CFO (20%) CEO (20%) Employee education (53%) New security technology (42%) Security profiles Responders Dedicated CISO Security/risk committee Budget line item Budget authority Increased leadership attention Regular board topic Primary focus over next two years Standardized metrics Structure and management Organizational reach Measurement InfluencersProtectors 26% 26% 27% 50% 22% 26% 42% 52% 45% 68% 58% 43% CIO (26%) CEO (26%) CISO (13%) Employee education (59%) Communications/ collaboration (24%) 56% 68% 71% 77% 60% 59% Figure 2: Influencers are much more likely to have elevated information security to a strategic priority. What makes Influencers stand out Interestingly, these three security segments are not skewed toward certain demographics. The mix of industries, geo- graphies and enterprise sizes is generally consistent across all groups. The key differences are found in their information security profiles–their structure, scope and accountability. Through an analysis of security leaders’ responses, we discovered a distinct pattern of evolution among security organizations (see Figure 2)–and the distinguishing traits of those that are most advanced. “Information security leaders will have a much larger say in the matter; influence and decision-making power within the company will grow.” – IT Division Head, Media and Entertainment
6 Finding a strategic voice Structure and management Because their senior management teams recognize the need for a coordinated approach, organizations in the Influencer group are more likely to appoint a CISO–a dedicated leader with a strategic, enterprisewide purview. Influencers also tend to have a security steering committee headed by a senior executive, often the CISO. The committee’s main charter is to evaluate security issues holistically and develop an integrated enterprise strategy. It is responsible for systemic changes that span functions, including legal, business operations, finance, human resources and more. The vast majority of Influencers benefit from a dedicated security budget line item supporting their efforts. Across the full sample, CIOs typically control the information security budget. However, among Protector and Influencer organizations, investment authority lies with business leaders more often. In fact, Influencers say CEOs are just as likely as CIOs to be steering their information security budgets. Among Responders, CISOs and steering committees are less common, which suggests their approach to security is more tactical and fragmented. The lack of a dedicated budget line item may force their security organizations to constantly negotiate for funding or limit the scope of initiatives to specific functions or silos. A CISO perspective: Wider view, broader role By Paul Connelly Vice President and Chief Information Security Officer, Hospital Corporation of America The security leader role is changing because of several key dynamics. The value and volume of information are increasing for many companies, threats to that information are becoming more sophisticated and relentless, and the impacts of security breakdowns are becoming more costly. And among business leaders, customers and the public at large, expectations for the protection of information are higher than ever. As a result, security leaders have to focus on innovative and highly efficient ways to protect company data, and take a wider view of information protection that extends beyond just security measures. The priority of–and spend- ing on–information protection needs to be a business decision, which may drive change in traditional reporting structures within IT. Alignment with risk management and privacy, disaster recovery and business continuity planning, and physical security offers a clear advantage. It can potentially eliminate overlap, create synergies and drive company efficiencies in information protection–enabling the security leader to become a broader information risk- management player.
IBM Center for Applied Insights 7 Responders are more tactically oriented. They are concen- trating on foundational building blocks: incorporating new security technology to close security gaps, redesigning business processes and hiring new staff. While technology and business processes are still important to Influencers, they are in the mode of continuously innovating and improving rather than establishing basic capabilities. Across all three groups, mobile security is the top technical challenge, dominating the agendas of Responders (60 percent) and Protectors (63 percent). Among Influencers, however, mobile security is part of an end-to-end strategy. These Influencers are focused not only on securing mobile access (33 percent), but also protecting cloud (30 percent) and database storage (30 percent). Organizational reach The Influencers have the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. These leaders understand the need for more pervasive risk awareness–and are far more focused on enterprisewide education, collaboration and communication (see Figure 3). They are working closely with business functions to create a culture in which employees take a more proactive role in protecting the enterprise. Because they are more integrated with the business, these security organizations are also able to influence the design of new products and services, incorpor- ating security considerations early in the process. Differences in focus over the next two years Responders Influencers 2x 2x 4x Improving enterprisewide communication and collaboration Incorporating new technology to close current gaps Providing education and driving awareness more more more Figure 3: With foundational security technology and practices in place, Influencers are turning their attention to people and building a risk-aware culture. “Security leaders are going to become more key to their organizations, their budgets will increase and they will move from the fringe to being embedded.” – Line-of-business Director, Banking
8 Finding a strategic voice Measurement Influencers are twice as likely as Responders to track their progress. Given their intent to build a more risk-aware culture, these organizations measure user awareness and educational programs more than Protectors and Responders do (see Figure 4). And because they are concerned with broader, more systemic risks, Influencers are also more likely to assess their ability to deal with future threats and the integration of new technologies. Generally speaking, Influencers are not only gaining the attention of business leaders and working collaboratively across the enterprise; they are also being held responsible and accountable for what they do through formal measurements. “In general, the role of information security will be moving away from specific risks to global risks. The role will be much larger than it used to be.” – Finance Director, Insurance Importance of metrics Responders Compliance Risk and ability to deal with future threats Vulnerability Education and awareness Speed of recovery from incidents Day-to-day security operations Attacks identified and thwarted Cost New technology and innovation efforts High Low InfluencersProtectors Figure 4: Influencers are more likely to measure progress through a wider variety of metrics and devote more attention to systemic change than the other groups.
IBM Center for Applied Insights 9 The case for security leadership Despite constant threats and a growing range of risks, some organizations are more confident and capable. Their approaches highlight the importance of a broader charter for the security function–and a more strategic role for informa- tion security leaders. Yet, adopting this more holistic strategy involves significant change. Security leaders must assume a business leadership position and dispel the idea that information security is a technology support function. Their purview must encompass education and cultural change, not just security technology and processes. Leaders will need to reorient their security organizations around proactive risk management rather than crisis response and compliance. And the management of information security must migrate from discrete and fragmented initiatives to an integrated, systemic approach. Security has to be designed to protect the entire enterprise, not just pieces of it. To accomplish these objectives, security leaders should construct an action plan based on their current capabilities and most pressing needs. They will also need to gain the support of the entire C-suite to drive enterprisewide change. Responders can move beyond their tactical focus by: • Establishing a dedicated security leadership role (like a CISO), assembling a security and risk committee, and measuring progress • Automating routine security processes to devote more time and resources to security innovation Protectors can make security more of a strategic priority by: • Investing more of their budgets on reducing future risks • Aligning information security initiatives to broader enterprise priorities • Learning from and collaborating with a network of security peers A CISO perspective: Why measures matter By John Meakin Global Head of Security Solutions & Architecture, Deutsche Bank Given the dynamic nature of the challenge, measuring the state of security within an organization is increasingly important. Since threats are always moving and solutions are more complex, dynamic and often partial, knowing where you are is essential. Leading indicators could include a variety of measures from the number of applications that have had specific security requirements defined and tested prior to going live to the speed and completeness of correcting known vulnerabilities. As people access information from a wider variety of locations and devices, protecting it becomes more difficult. Organizations may need to track servers and end-points that store higher classifications of information. Although metrics can be a challenge to define and capture, that should not deter organizations from implementing them. Measurement may be imprecise at first but will improve over time–and the process itself can drive valu- able insight.
10 Finding a strategic voice Influencers can continue to innovate and advance their security approaches by: • Strengthening communication, education and business leadership skills to cultivate a more risk-aware culture • Using insights from metrics and data analysis to identify high-value improvement areas The integrated approach, strategic reach and measurement systems of Influencers point to a new kind of security organiza- tion and a new breed of leader. These forward-thinking security leaders can make steady progress because they have authority, accountability and impact. By following their example, those who are not as far along can begin to find their strategic voice. For more information Visit the IBM Center for Applied Insights information security website (ibm.com/smarter/cai/security) for additional insights, including perspectives from IBM’s security leaders. In addition, you can collaborate with peers from around the world as part of the IBM Institute for Advanced Security (instituteforadvancedsecurity.com). About the authors David Jarvis is a Senior Consultant at the IBM Center for Applied Insights where he specializes in fact-based research on emerging business and technology topics. In addition to his research responsibilities, David teaches on business foresight and creative problem solving. He can be reached at djarvis@us.ibm.com. Marc van Zadelhoff is the Vice President of Strategy for IBM Security Systems. In this role, he is responsible for overall offering management, budget and positioning for IBM’s global security software and services portfolio. He can be reached at marc.vanzadelhoff@us.ibm.com. Jack Danahy is the Director for Advanced Security for IBM Security Systems. He is a national speaker and writer on computer network and data security and a distinguished fellow at the Ponemon Institute. In addition, Jack is a frequent contributor to industry and governmental security groups in the areas of data privacy, cybersecurity, cyberthreats and critical infrastructure protection. He can be reached at jack.danahy@us.ibm.com. Contributors IBM Center for Applied Insights Angie Casey, Steve Rogers, Kevin Thompson IBM Market Development & Insights Subrata Chatterjee, Doron Shiloach, Jill Wynn Office of the IBM CIO Sandy Hawke, Kris Lovejoy IBM Security Systems Tim Appleby, Tom Turner
IBM Center for Applied Insights 11 About the IBM Center for Applied Insights The IBM Center for Applied Insights (ibm.com/smarter/cai/ value) introduces new ways of thinking, working and leading. Through evidence-based research, the Center arms leaders with pragmatic guidance and the case for change.
Please Recycle CIE03117-USEN-00 © Copyright IBM Corporation 2012 IBM Corporation New Orchard Road Armonk, NY 10504 Produced in the United States of America May 2012 IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. Other product, company or service names may be trademarks or service marks of others. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON- INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. 1 Verizon 2012 Data Breach Investigations Report. http://www.verizonbusiness.com/resources/reports/rp_data-breach- investigations-report-2012_en_xg.pdf 2 “Mobile Worker Population to Reach 1.3 Billion by 2015, According to IDC.” January 2012. http://www.idc.com/getdoc. jsp?containerId=prUS23251912 3 All industry quotes derived from IBM Center for Applied Insights research.

Recommandé

A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - ProtivitiSimone Luca Giargia
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The Economist Media Businesses
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 

Recommandé

A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - ProtivitiSimone Luca Giargia
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The Economist Media Businesses
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st centuryThe Economist Media Businesses
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise The Economist Media Businesses
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital FutureCognizant
 
Developing Metrics for Information Security Governance
Developing Metrics for Information Security GovernanceDeveloping Metrics for Information Security Governance
Developing Metrics for Information Security Governancedigitallibrary
 
2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenture2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenturejob Titri company
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summarypatmisasi
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionRamón Gómez de Olea y Bustinza
 
For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10David X Martin
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
infosec-it
infosec-itinfosec-it
infosec-itMichael Trofi Jr. CISSP, CISM, CGEIT
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarFERMA
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security frameworkYann Lecourt
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmPriyanka Aash
 
Intelligent Operations Center
Intelligent Operations CenterIntelligent Operations Center
Intelligent Operations Centerestotts75
 
IBM ITS Services
IBM ITS ServicesIBM ITS Services
IBM ITS ServicesBradley Gilmour
 
ISVouga Marketing Sessions
ISVouga Marketing SessionsISVouga Marketing Sessions
ISVouga Marketing SessionsVasco Marques
 

Contenu connexe

Tendances

Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise The Economist Media Businesses
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital FutureCognizant
 
Developing Metrics for Information Security Governance
Developing Metrics for Information Security GovernanceDeveloping Metrics for Information Security Governance
Developing Metrics for Information Security Governancedigitallibrary
 
2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenture2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenturejob Titri company
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summarypatmisasi
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionRamón Gómez de Olea y Bustinza
 
For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10David X Martin
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarFERMA
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security frameworkYann Lecourt
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmPriyanka Aash
 

Tendances (19)

The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st century
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital Future
 
Developing Metrics for Information Security Governance
Developing Metrics for Information Security GovernanceDeveloping Metrics for Information Security Governance
Developing Metrics for Information Security Governance
 
2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenture2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenture
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for Cybersecurity
 
2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attention
 
For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
 
infosec-it
infosec-itinfosec-it
infosec-it
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk Webinar
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security framework
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
 

En vedette

Intelligent Operations Center
Intelligent Operations CenterIntelligent Operations Center
Intelligent Operations Centerestotts75
 
ISVouga Marketing Sessions
ISVouga Marketing SessionsISVouga Marketing Sessions
ISVouga Marketing SessionsVasco Marques
 
Ibm Smart Business Overview Jimmy Mills
Ibm Smart Business Overview Jimmy MillsIbm Smart Business Overview Jimmy Mills
Ibm Smart Business Overview Jimmy MillsJimmy Mills
 
IBM Managed File Transfer Portfolio - IBMImpact 2014
IBM Managed File Transfer Portfolio - IBMImpact 2014IBM Managed File Transfer Portfolio - IBMImpact 2014
IBM Managed File Transfer Portfolio - IBMImpact 2014Leif Davidsen
 
New information strategy, Advanced Case Management (IBM Information Management)
New information strategy, Advanced Case Management (IBM Information Management)New information strategy, Advanced Case Management (IBM Information Management)
New information strategy, Advanced Case Management (IBM Information Management)IBM Danmark
 
IBM Security Strategy Overview
IBM Security Strategy OverviewIBM Security Strategy Overview
IBM Security Strategy Overviewxband
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseIBM Security
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Territory Planning - The Sales Journey.com
Territory Planning - The Sales Journey.comTerritory Planning - The Sales Journey.com
Territory Planning - The Sales Journey.comthesalesjourney
 
How to plan your sales territory
How to plan your sales territoryHow to plan your sales territory
How to plan your sales territoryCamilo Rojas
 
The State of Sales & Marketing at the 50 Fastest-Growing B2B Companies
The State of Sales & Marketing at the 50 Fastest-Growing B2B CompaniesThe State of Sales & Marketing at the 50 Fastest-Growing B2B Companies
The State of Sales & Marketing at the 50 Fastest-Growing B2B CompaniesMattermark
 

En vedette (16)

Intelligent Operations Center
Intelligent Operations CenterIntelligent Operations Center
Intelligent Operations Center
 
IBM ITS Services
IBM ITS ServicesIBM ITS Services
IBM ITS Services
 
ISVouga Marketing Sessions
ISVouga Marketing SessionsISVouga Marketing Sessions
ISVouga Marketing Sessions
 
Ibm Smart Business Overview Jimmy Mills
Ibm Smart Business Overview Jimmy MillsIbm Smart Business Overview Jimmy Mills
Ibm Smart Business Overview Jimmy Mills
 
IBM Managed File Transfer Portfolio - IBMImpact 2014
IBM Managed File Transfer Portfolio - IBMImpact 2014IBM Managed File Transfer Portfolio - IBMImpact 2014
IBM Managed File Transfer Portfolio - IBMImpact 2014
 
New information strategy, Advanced Case Management (IBM Information Management)
New information strategy, Advanced Case Management (IBM Information Management)New information strategy, Advanced Case Management (IBM Information Management)
New information strategy, Advanced Case Management (IBM Information Management)
 
“Brand Planning Roadmap for Digital Success” by Salman Abedin
“Brand Planning Roadmap for Digital Success” by Salman Abedin“Brand Planning Roadmap for Digital Success” by Salman Abedin
“Brand Planning Roadmap for Digital Success” by Salman Abedin
 
IBM Security Strategy Overview
IBM Security Strategy OverviewIBM Security Strategy Overview
IBM Security Strategy Overview
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the Mouse
 
Brand Plan Sample
Brand Plan SampleBrand Plan Sample
Brand Plan Sample
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
Territory Planning - The Sales Journey.com
Territory Planning - The Sales Journey.comTerritory Planning - The Sales Journey.com
Territory Planning - The Sales Journey.com
 
How to plan your sales territory
How to plan your sales territoryHow to plan your sales territory
How to plan your sales territory
 
IBM Security Portfolio - 2015
IBM Security Portfolio - 2015IBM Security Portfolio - 2015
IBM Security Portfolio - 2015
 
The State of Sales & Marketing at the 50 Fastest-Growing B2B Companies
The State of Sales & Marketing at the 50 Fastest-Growing B2B CompaniesThe State of Sales & Marketing at the 50 Fastest-Growing B2B Companies
The State of Sales & Marketing at the 50 Fastest-Growing B2B Companies
 

Similaire à Insights from the IBM Chief Information Security Officer Assessment

Cyber security: five leadership issues worthy of Board and executive attention
Cyber security: five leadership issues worthy of Board and executive attentionCyber security: five leadership issues worthy of Board and executive attention
Cyber security: five leadership issues worthy of Board and executive attentionRamón Gómez de Olea y Bustinza
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Armor
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Accenture Technology
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016Tim Grieveson
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 
speaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperspeaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperBilha Diaz
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013EY
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseThe Economist Media Businesses
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedJames Blake
 
Étude mondiale d'EY sur la cybersécurité (2018)
Étude mondiale d'EY sur la cybersécurité (2018)Étude mondiale d'EY sur la cybersécurité (2018)
Étude mondiale d'EY sur la cybersécurité (2018)Paperjam_redaction
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderAccenture Insurance
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 

Similaire à Insights from the IBM Chief Information Security Officer Assessment (20)

Cyber security: five leadership issues worthy of Board and executive attention
Cyber security: five leadership issues worthy of Board and executive attentionCyber security: five leadership issues worthy of Board and executive attention
Cyber security: five leadership issues worthy of Board and executive attention
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee Study
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 
speaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperspeaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaper
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 
Cybersecurity report-vol-8
Cybersecurity report-vol-8Cybersecurity report-vol-8
Cybersecurity report-vol-8
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - Published
 
5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams
 
Étude mondiale d'EY sur la cybersécurité (2018)
Étude mondiale d'EY sur la cybersécurité (2018)Étude mondiale d'EY sur la cybersécurité (2018)
Étude mondiale d'EY sur la cybersécurité (2018)
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 

Plus de IBM Security

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 

Plus de IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Dernier

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Dernier (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Insights from the IBM Chief Information Security Officer Assessment

  • 1. IBM Center for Applied Insights Finding a strategic voice Insights from the 2012 IBM Chief Information Security Officer Assessment
  • 2. To obtain a global snapshot of security leaders’ strategies and approaches, the IBM Center for Applied Insights conducted double-blind interviews with 138 security leaders –the IT and line-of-business executives responsible for information security in their enterprises. Some of these leaders carried the title of Chief Information Security Officer (CISO), but given the diversity of organizational structures, many did not. The Center supplemented this quantitative research through in-depth conversations with 25 information security leaders. Participation spanned a broad range of industries and seven different countries. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees. This study–along with other security and risk management resources for CIOs and CISOs–is available from ibm.com/ smarter/cai/security. About the study
  • 3. IBM Center for Applied Insights 3 “Security leaders are becoming more closely integrated into the business – and more independent of information technology.” – Senior VP of IT, Energy and Utilities3 The changing security landscape: What we learned Charged with protecting some of the enterprise’s most valuable assets–money, customer data, intellectual property and even its brand–security leaders are under intense pressure. Our study findings point to major shifts in attitudes and clear recognition of the strategic importance of information security: • Business leaders are increasingly concerned with security issues. Nearly two-thirds of security leaders say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention. • Budgets are expected to increase. Two-thirds of security leaders expect spending on information security to rise over the next two years. Of those, almost 90 percent antici- pate double-digit growth. One in ten expects increases of 50 percent or more. • Attention is shifting toward risk management. In two years, security leaders expect to be spending more of their time on reduction of potential future risk, and less on mitigation of current threats and management of regulatory and compliance issues. With explosive growth in connectivity and collaboration, information security is becoming increasingly complex and difficult to manage. Yet, some security organizations are rising to the challenge. Our research reveals a distinct pattern of progression–and distinguishing traits of those that are most confident and capable. These forward-thinkers are taking a more proactive, integrated and strategic approach to security, highlighting models worth emulating and the emerging business leadership role of the Chief Information Security Officer (CISO). In today’s hyper-connected world, information security is expanding beyond its technical silo into a strategic, enterprise- wide priority. It takes only a glance at news headlines to see why. In 2011, the corporate world experienced the second- highest data loss total since 2004.1 Security leaders are navigating a period of significant change. IT is no longer confined to the back office or even the enter- prise. Entire value chains, from suppliers to customers, are electronically connected and collaborating as never before. Devices and ways of accessing information are proliferating. The number of mobile workers is expected to reach 1.3 billion by 2015. At the same time, mobile security threats are increasing–up almost 20 percent in 2011.2 It all adds up to much greater vulnerability. While many organizations remain in crisis response mode, some have moved beyond a reactive stance and are taking steps to reduce future risk. They see themselves as more mature in their security-related capabilities and better prepared to meet new threats. What have these enterprises done to create greater confidence? More importantly, can their actions show the way forward for others?
  • 4. 4 Finding a strategic voice “Security leaders are more accountable to the business now. Their audience is expanding.” – CIO, Insurance How prepared are organizations…really? When security leaders rank themselves on their organizations’ maturity and their ability to handle or avoid a breach, three types of organizations emerge, as shown in Figure 1: • Influencers–This group’s members, 25 percent of those surveyed, see their security organizations as progressive, ranking themselves highly in both maturity and prepared- ness. These security leaders have business influence and authority–a strategic voice in the enterprise. • Protectors–Comprising almost half of our sample, these security leaders recognize the importance of information security as a strategic priority. However, they lack important measurement insight and the necessary budget authority to fully transform their enterprises’ security approach. • Responders–This group remains largely in response mode, working to protect the enterprise and comply with regulations and standards but struggling to make strategic headway. They may not yet have the resources or business influence to drive significant change. Knowing that some companies are very confident while others see gaps raises an important question. What are Influencers doing differently? • External threats are the primary security challenge. Drawing far more attention than internal threats, technology introduction or regulatory compliance, outside threats top the list of security concerns. • Mobile security is a major focus. Given increasingly mobile workforces and the high rate of wireless device adoption, more than half of security leaders say mobile security will be their major technology challenge over the next two years. Across the board, we saw general agreement on the heightened importance of information security. And most companies report having a centralized security function. However, looking deeper–at the actions, plans and strategies of security leaders–we found great disparity in how organizations are actually implementing “centralized” security. Figure 1: Only one-quarter of security leaders believe their organizations are mature and have high confidence in their ability to avoid or contain a breach. Self-assessment of maturity and preparedness Breachpreparedness HighSecurity organization maturityLow HighLow Influencers 25% Protectors 47% Responders 28% = 5 respondents
  • 5. IBM Center for Applied Insights 5 CIO (30%) IT VP/Director/Manager (24%) CFO (18%) New security technology (46%) Updating business processes (36%) CIO (32%) CFO (20%) CEO (20%) Employee education (53%) New security technology (42%) Security profiles Responders Dedicated CISO Security/risk committee Budget line item Budget authority Increased leadership attention Regular board topic Primary focus over next two years Standardized metrics Structure and management Organizational reach Measurement InfluencersProtectors 26% 26% 27% 50% 22% 26% 42% 52% 45% 68% 58% 43% CIO (26%) CEO (26%) CISO (13%) Employee education (59%) Communications/ collaboration (24%) 56% 68% 71% 77% 60% 59% Figure 2: Influencers are much more likely to have elevated information security to a strategic priority. What makes Influencers stand out Interestingly, these three security segments are not skewed toward certain demographics. The mix of industries, geo- graphies and enterprise sizes is generally consistent across all groups. The key differences are found in their information security profiles–their structure, scope and accountability. Through an analysis of security leaders’ responses, we discovered a distinct pattern of evolution among security organizations (see Figure 2)–and the distinguishing traits of those that are most advanced. “Information security leaders will have a much larger say in the matter; influence and decision-making power within the company will grow.” – IT Division Head, Media and Entertainment
  • 6. 6 Finding a strategic voice Structure and management Because their senior management teams recognize the need for a coordinated approach, organizations in the Influencer group are more likely to appoint a CISO–a dedicated leader with a strategic, enterprisewide purview. Influencers also tend to have a security steering committee headed by a senior executive, often the CISO. The committee’s main charter is to evaluate security issues holistically and develop an integrated enterprise strategy. It is responsible for systemic changes that span functions, including legal, business operations, finance, human resources and more. The vast majority of Influencers benefit from a dedicated security budget line item supporting their efforts. Across the full sample, CIOs typically control the information security budget. However, among Protector and Influencer organizations, investment authority lies with business leaders more often. In fact, Influencers say CEOs are just as likely as CIOs to be steering their information security budgets. Among Responders, CISOs and steering committees are less common, which suggests their approach to security is more tactical and fragmented. The lack of a dedicated budget line item may force their security organizations to constantly negotiate for funding or limit the scope of initiatives to specific functions or silos. A CISO perspective: Wider view, broader role By Paul Connelly Vice President and Chief Information Security Officer, Hospital Corporation of America The security leader role is changing because of several key dynamics. The value and volume of information are increasing for many companies, threats to that information are becoming more sophisticated and relentless, and the impacts of security breakdowns are becoming more costly. And among business leaders, customers and the public at large, expectations for the protection of information are higher than ever. As a result, security leaders have to focus on innovative and highly efficient ways to protect company data, and take a wider view of information protection that extends beyond just security measures. The priority of–and spend- ing on–information protection needs to be a business decision, which may drive change in traditional reporting structures within IT. Alignment with risk management and privacy, disaster recovery and business continuity planning, and physical security offers a clear advantage. It can potentially eliminate overlap, create synergies and drive company efficiencies in information protection–enabling the security leader to become a broader information risk- management player.
  • 7. IBM Center for Applied Insights 7 Responders are more tactically oriented. They are concen- trating on foundational building blocks: incorporating new security technology to close security gaps, redesigning business processes and hiring new staff. While technology and business processes are still important to Influencers, they are in the mode of continuously innovating and improving rather than establishing basic capabilities. Across all three groups, mobile security is the top technical challenge, dominating the agendas of Responders (60 percent) and Protectors (63 percent). Among Influencers, however, mobile security is part of an end-to-end strategy. These Influencers are focused not only on securing mobile access (33 percent), but also protecting cloud (30 percent) and database storage (30 percent). Organizational reach The Influencers have the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. These leaders understand the need for more pervasive risk awareness–and are far more focused on enterprisewide education, collaboration and communication (see Figure 3). They are working closely with business functions to create a culture in which employees take a more proactive role in protecting the enterprise. Because they are more integrated with the business, these security organizations are also able to influence the design of new products and services, incorpor- ating security considerations early in the process. Differences in focus over the next two years Responders Influencers 2x 2x 4x Improving enterprisewide communication and collaboration Incorporating new technology to close current gaps Providing education and driving awareness more more more Figure 3: With foundational security technology and practices in place, Influencers are turning their attention to people and building a risk-aware culture. “Security leaders are going to become more key to their organizations, their budgets will increase and they will move from the fringe to being embedded.” – Line-of-business Director, Banking
  • 8. 8 Finding a strategic voice Measurement Influencers are twice as likely as Responders to track their progress. Given their intent to build a more risk-aware culture, these organizations measure user awareness and educational programs more than Protectors and Responders do (see Figure 4). And because they are concerned with broader, more systemic risks, Influencers are also more likely to assess their ability to deal with future threats and the integration of new technologies. Generally speaking, Influencers are not only gaining the attention of business leaders and working collaboratively across the enterprise; they are also being held responsible and accountable for what they do through formal measurements. “In general, the role of information security will be moving away from specific risks to global risks. The role will be much larger than it used to be.” – Finance Director, Insurance Importance of metrics Responders Compliance Risk and ability to deal with future threats Vulnerability Education and awareness Speed of recovery from incidents Day-to-day security operations Attacks identified and thwarted Cost New technology and innovation efforts High Low InfluencersProtectors Figure 4: Influencers are more likely to measure progress through a wider variety of metrics and devote more attention to systemic change than the other groups.
  • 9. IBM Center for Applied Insights 9 The case for security leadership Despite constant threats and a growing range of risks, some organizations are more confident and capable. Their approaches highlight the importance of a broader charter for the security function–and a more strategic role for informa- tion security leaders. Yet, adopting this more holistic strategy involves significant change. Security leaders must assume a business leadership position and dispel the idea that information security is a technology support function. Their purview must encompass education and cultural change, not just security technology and processes. Leaders will need to reorient their security organizations around proactive risk management rather than crisis response and compliance. And the management of information security must migrate from discrete and fragmented initiatives to an integrated, systemic approach. Security has to be designed to protect the entire enterprise, not just pieces of it. To accomplish these objectives, security leaders should construct an action plan based on their current capabilities and most pressing needs. They will also need to gain the support of the entire C-suite to drive enterprisewide change. Responders can move beyond their tactical focus by: • Establishing a dedicated security leadership role (like a CISO), assembling a security and risk committee, and measuring progress • Automating routine security processes to devote more time and resources to security innovation Protectors can make security more of a strategic priority by: • Investing more of their budgets on reducing future risks • Aligning information security initiatives to broader enterprise priorities • Learning from and collaborating with a network of security peers A CISO perspective: Why measures matter By John Meakin Global Head of Security Solutions & Architecture, Deutsche Bank Given the dynamic nature of the challenge, measuring the state of security within an organization is increasingly important. Since threats are always moving and solutions are more complex, dynamic and often partial, knowing where you are is essential. Leading indicators could include a variety of measures from the number of applications that have had specific security requirements defined and tested prior to going live to the speed and completeness of correcting known vulnerabilities. As people access information from a wider variety of locations and devices, protecting it becomes more difficult. Organizations may need to track servers and end-points that store higher classifications of information. Although metrics can be a challenge to define and capture, that should not deter organizations from implementing them. Measurement may be imprecise at first but will improve over time–and the process itself can drive valu- able insight.
  • 10. 10 Finding a strategic voice Influencers can continue to innovate and advance their security approaches by: • Strengthening communication, education and business leadership skills to cultivate a more risk-aware culture • Using insights from metrics and data analysis to identify high-value improvement areas The integrated approach, strategic reach and measurement systems of Influencers point to a new kind of security organiza- tion and a new breed of leader. These forward-thinking security leaders can make steady progress because they have authority, accountability and impact. By following their example, those who are not as far along can begin to find their strategic voice. For more information Visit the IBM Center for Applied Insights information security website (ibm.com/smarter/cai/security) for additional insights, including perspectives from IBM’s security leaders. In addition, you can collaborate with peers from around the world as part of the IBM Institute for Advanced Security (instituteforadvancedsecurity.com). About the authors David Jarvis is a Senior Consultant at the IBM Center for Applied Insights where he specializes in fact-based research on emerging business and technology topics. In addition to his research responsibilities, David teaches on business foresight and creative problem solving. He can be reached at djarvis@us.ibm.com. Marc van Zadelhoff is the Vice President of Strategy for IBM Security Systems. In this role, he is responsible for overall offering management, budget and positioning for IBM’s global security software and services portfolio. He can be reached at marc.vanzadelhoff@us.ibm.com. Jack Danahy is the Director for Advanced Security for IBM Security Systems. He is a national speaker and writer on computer network and data security and a distinguished fellow at the Ponemon Institute. In addition, Jack is a frequent contributor to industry and governmental security groups in the areas of data privacy, cybersecurity, cyberthreats and critical infrastructure protection. He can be reached at jack.danahy@us.ibm.com. Contributors IBM Center for Applied Insights Angie Casey, Steve Rogers, Kevin Thompson IBM Market Development & Insights Subrata Chatterjee, Doron Shiloach, Jill Wynn Office of the IBM CIO Sandy Hawke, Kris Lovejoy IBM Security Systems Tim Appleby, Tom Turner
  • 11. IBM Center for Applied Insights 11 About the IBM Center for Applied Insights The IBM Center for Applied Insights (ibm.com/smarter/cai/ value) introduces new ways of thinking, working and leading. Through evidence-based research, the Center arms leaders with pragmatic guidance and the case for change.
  • 12. Please Recycle CIE03117-USEN-00 © Copyright IBM Corporation 2012 IBM Corporation New Orchard Road Armonk, NY 10504 Produced in the United States of America May 2012 IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. Other product, company or service names may be trademarks or service marks of others. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON- INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. 1 Verizon 2012 Data Breach Investigations Report. http://www.verizonbusiness.com/resources/reports/rp_data-breach- investigations-report-2012_en_xg.pdf 2 “Mobile Worker Population to Reach 1.3 Billion by 2015, According to IDC.” January 2012. http://www.idc.com/getdoc. jsp?containerId=prUS23251912 3 All industry quotes derived from IBM Center for Applied Insights research.