Changing the game
Global State of Information Security® Survey 2013
“While tight budgets have forestalled updates to security programs, many businesses are confident they’re winning the game. But the rules – and the players – have changed.
Information security has always been a high-stakes game, one that demands a smart strategy, the right technology, and an unblinking focus on adversaries. Today, however, both the game and the opponents have changed. To win, businesses must play by new rules and bring advanced skills and strategy to the table.
17 Key findings from survey [Extract #9 and #10]
Safeguarding information is easier when you know where that information is. But organizations are keeping looser tabs on their data now than they did in years past.
This is a basic point that survey data suggest has been lost on a growing number of respondents. While more than 80% say protecting customer and employee data is important, far fewer understand what that data entails and where it is stored. This is significant because customers increasingly want to be in control of their personal data and able to “turn off” the flow of information from companies.
As mobile devices, social media, and the cloud become commonplace both inside the enterprise and out, technology adoption is moving faster than security.
Our data show, for example, that 88% of consumers use a personal mobile device for both personal and work purposes, yet just 45% of respondents have a security strategy to address personal devices in the workplace, and only 37% have malware protection for mobile devices.
How leaders play the game
When it comes to securing newer technologies such as mobile devices, social media, and the cloud, leaders are ahead of the pack on strategy, and have a sizable lead in deploying mobile device malware protection and launching mobile security initiatives.
Information security today is a rapidly evolving game of advanced skill and strategy. As a result, the security models of the past decade are no longer effective.
Today’s information security leaders acknowledge that playing the game at a higher level is required to achieve effective security. They know that the very survival of the business demands that they understand security threats, prepare for them, and respond to them quickly”.
IT security: Stay calm – be resilient
William Beer, a director in PwC’s information and cyber security practice, Ray Stanton, vice-president of professional services at BT Global Services, and Bryan Glick, editor-in-chief of Computer Weekly.
Assume the state of compromise
Maturing of Information Security to become a Boardroom issue
ISF’s 2012 Standard of Good Practice
Executive Summary
Information management & information security: the Information Risk Maturity Index
Research conducted by Iron Mountain and PwC surveyed 600 mid-sized businesses from six European countries. Across the geographies surveyed, businesses showed themselves to be falling short when it comes to information management. This shortfall is exposing European businesses to unnecessary levels of information risk. Hungary came first with the UK last.
PwC Survey Finding 10 – “88% of consumers use a personal mobile device for both personal and work purposes”
In the “post-PC era” the Chief Security Officer must implement a smart security strategy to control company data regardless of how it is being accessed by the employee. So to what extent is it possible to lock down access to sensitive company information from a device that is not owned by the organisation?
“Securing newer technologies such as mobile devices, social media, and the cloud” becomes even more of a challenge as work and leisure use of smartphones and iDevices merge. More time is spent accessing content from the sofa and bedroom rather than sitting in front of a PC.
If you are in London it may be a good idea to attend the IT Security Conference on 31st October. The session on Tomorrow’s Information Security – Mark Brown, [Director – Risk @ Ernst & Young] caught my eye.
The Information Security Forum update their Standard of Good Practice annually, so that is a good place to start on your journey to strengthening the protection of your information assets.