MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.



Benchmarking Information Security Efficiency

July 1, 2010, 4:07 pm

Recently the Ponemon Institute completed a new project, the Security Efficiency Benchmark Study, the purpose of which was to learn what IT security leaders in the UK and Europe think are the key components of an efficient and effective security operation. In other words, we wanted to know what is necessary for achieving data security goals and protecting information assets and infrastructure.

As more and more organizations appoint chief information security officers and increase investments in IT security, there is a reasonable expectation that threats will be addressed – but how can the success of a security program be measured? To help answer this critical question we were commissioned by Vistorm and Check Point to create what we call the Security Efficiency Framework as a methodology to help organizations understand the most operationally efficient route to their desired security posture. We presented the results of our benchmark study and Framework in a recent webinar, the archive of which can be heard here.

The first step in developing the Framework was to interview the security leaders of 101 UK and European organizations in order to empirically validate the key components of an effective and efficient security operation. We learned that there is a general consistency in the way IT security leaders frame operational efficiency in the domain of information security and data protection. The key drivers of better efficiency are technologies, control practices and overall program oversight. They also see the importance of organizational culture and budget in driving improvements in operational efficiency.

In addition, our research finds general agreement among IT security leaders about the underlying factors that give rise to better operational efficiency, which include the following:

· Appoint a CISO or organizational leader for information security
· Initiate training and awareness programs on data protection and security for end-users
· Achieve an organizational culture that respects privacy and data protection
· Obtain executive-level support for security
· Deploy strong endpoint controls
 
Our research also revealed the characteristics of an organization that is not operationally efficient:

· Does not achieve a high security posture
· Does not have ample budget or resources
· Does not deploy strong perimeter controls
· Does not have credentialed or experienced staff
· Does not have an enterprise security strategy
 
We hope you find this information worthwhile. Please contact the Institute if you have any questions about this study, our Framework, or related topics.
 

 

