
Benchmarking Information Security Efficiency

July 1, 2010

Recently the Ponemon Institute completed a new project, the Security Efficiency Benchmark Study, the purpose of which was to learn what IT security leaders in the UK and Europe consider the key components of an efficient and effective security operation. In other words, we wanted to know what is necessary for achieving data security goals and protecting information assets and infrastructure.

As more and more organizations appoint chief information security officers and increase investments in IT security, there is a reasonable expectation that threats will be addressed – but how can the success of a security program be measured? To help answer this critical question we were commissioned by Vistorm and Check Point to create what we call the Security Efficiency Framework as a methodology to help organizations understand the most operationally efficient route to their desired security posture. We presented the results of our benchmark study and Framework in a recent webinar, the archive of which can be heard here.

The first step in developing the Framework was to interview the security leaders of 101 UK and European organizations in order to empirically validate the key components of an effective and efficient security operation. We learned that there is general consistency in the way IT security leaders frame operational efficiency in the domain of information security and data protection. The key drivers of better efficiency are technologies, control practices and overall program oversight. They also see the importance of organizational culture and budget in driving improvements in operational efficiency.

In addition, our research finds general agreement among IT security leaders about the underlying factors that give rise to better operational efficiency. These include the following:

· Appoint a CISO or organizational leader for information security
· Initiate training and awareness programs on data protection and security for end-users
· Achieve an organizational culture that respects privacy and data protection
· Obtain executive-level support for security
· Deploy strong endpoint controls
 
Our research also revealed the characteristics of an organization that is not operationally efficient. Such an organization:

· Does not achieve a high security posture
· Does not have ample budget or resources
· Does not deploy strong perimeter controls
· Does not have credentialed or experienced staff
· Does not have an enterprise security strategy
 
We hope you find this information worthwhile. Please contact the Institute if you have any questions about this study, our Framework, or related matters.

Posted by Dr. Larry Ponemon at 4:07 pm