MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Reshaping Financial Services IT: CIO Best Practices for the Shift Toward Mobile

Speakers:
Dr. Larry Ponemon, Chairman, Ponemon Institute
Ojas Rege, VP Strategy, MobileIron

Session Times:
April 1st 8:00 AM PDT (San Francisco) / 4:00 PM BST (London)
April 2nd 9:00 AM HKT (Hong Kong) / 6:00 PM PDT (San Francisco)

Widespread consumer adoption of mobile technology has set in motion a fundamental shift within financial services organizations. CIOs are learning to leverage the power of mobility to deliver a strategic business advantage by helping their firms become more efficient and flexible. For the first time, MobileIron will share data from a Ponemon Institute survey of 400 financial services organizations about the future of BlackBerry, BYOD, apps, and governance. Join MobileIron VP of Strategy Ojas Rege and Ponemon Institute Chairman and Founder Dr. Larry Ponemon for a practical and “eyes-wide-open” look at the issues CIOs and CISOs in financial services will need to address as mobile becomes a fundamental part of their computing environment.

Key topics include:
• Financial services mobile adoption forecasts
• Trends in migration to multi-OS environments
• Dependencies for successful mobile strategy deployment
• Implications of user experience and security

This session will be recorded and available for replay.


Blog Archives for July 2010
Benchmarking Information Security Efficiency
July 1, 2010, 4:07 pm

Recently the Ponemon Institute completed a new project, the Security Efficiency Benchmark Study, the purpose of which was to learn what IT security leaders in the UK and Europe think are the key components of an efficient and effective security operation. In other words, we wanted to know what is necessary for achieving data security goals and protecting information assets and infrastructure.

As more and more organizations appoint chief information security officers and increase investments in IT security, there is a reasonable expectation that threats will be addressed – but how can the success of a security program be measured? To help answer this critical question we were commissioned by Vistorm and Check Point to create what we call the Security Efficiency Framework as a methodology to help organizations understand the most operationally efficient route to their desired security posture. We presented the results of our benchmark study and Framework in a recent webinar, the archive of which can be heard here.

The first step in developing the Framework was to interview the security leaders of 101 UK and European organizations in order to empirically validate the key components of an effective and efficient security operation. We learned that there is a general consistency in the way IT security leaders frame operational efficiency in the domain of information security and data protection. The key drivers of better efficiency are technologies, control practices and overall program oversight. They also see the importance of organizational culture and budget in driving improvements in operational efficiency.

In addition, our research finds general agreement among IT security leaders about the underlying factors that give rise to better operational efficiency, which include the following:

· Appoint a CISO or organizational leader for information security
· Initiate training and awareness programs on data protection and security for end-users
· Achieve an organizational culture that respects privacy and data protection
· Obtain executive-level support for security
· Deploy strong endpoint controls
 
Our research also revealed the characteristics of an organization that is not operationally efficient:
· Do not achieve a high security posture
· Do not have ample budget or resources
· Do not deploy strong perimeter controls
· Do not have credentialed or experienced staff
· Do not have an enterprise security strategy
 
We hope you find this information worthwhile. Please contact the Institute if you have any questions related to this study, our Framework, or other related questions.
 

 

Integrated, Holistic Security Strategies
July 12, 2010, 8:30 am

Holistic is a popular word these days. Often applied to food and medicine, the word conjures images of natural, healthy living, but the word holistic refers to the function of an entity as a whole, including the interdependence of all its parts. Given this broader meaning, holistic can (and should) be applied when thinking strategically about the way a business organization operates. Successful, well-functioning organizations must adapt to change, be flexible in their relationships, and be innovative in their approach to business. They must have the capacity not only to react to change, but also to anticipate change and act innovatively.

Information Governance in the Cloud
July 15, 2010, 11:08 am

Just a brief note to bring our recent webinar to your attention. I presented Information Governance in the Cloud along with the good people at Symantec. The presentation is based in part on results from our earlier report, Flying Blind in the Cloud.

If you want to view the webinar, presented on the Windows Live Meeting platform, please click here.

If you have any questions or comments about this issue, our report, or the webinar, we'd love to hear from you.

Thanks!
