Any business on any given day can be compromised. That’s the reality of information security. Attacks may be targeted or the result of automated scans. The attackers may be sophisticated programmers or “script kiddies” who purchased an attack toolkit on the internet. With so many threat vectors to defend against, enterprises are expending capital on security technologies at an increasing rate. But buying a technology alone does not provide protection. The correct deployment of that technology is essential.
PwC’s 2012 Global State of Information Security Survey revealed that a vast majority of executives are confident in the effectiveness of their infosec practices. Respondents included readers of CIO and CSO Magazines and clients of PwC from 138 countries. The survey included more than 9,600 responses from COs, CFOs, CSOs, VPs and Directors of IT and Security to more than 40 questions on topics related to infosec and its alignment with the business. Overall, respondents believe they have an effective strategy in place and that their organizations are proactively executing it.
Enterprises Make Information Security an Integral Part of Their Business Planning
It is promising that so many enterprises already have strategies in place. However, companies should be cautious not to develop an overinflated sense of safety. It is essential to measure, monitor and update these strategies regularly, and to ensure that technologies are being deployed correctly.
Measuring and Monitoring Information Security Performance
Information security performance measurement should be a system of measuring, monitoring and reporting infosec governance metrics. The development of such an assessment framework is essential to the evaluation of the effectiveness of Security Governance.
Some example metrics might include:
As technology advances, so does the complexity of cyber-threats. Executives must remain aware of the real risks their companies face. These threats impact not just the company’s critical information, but also sensitive customer data. Without an accurate perspective, top management could develop a false sense of safety over a situation that could have significantly negative business impacts.