How much should IT be spending on IT security to improve compliance results, and where should the spend be allocated? This Guidance note summarizes key findings from the benchmarks and identifies reliable metrics not subject to industry fluctuations. more...

Is your organization measuring too little, too much or not enough? Which key performance indictators drive better results for IT compliance? Find out what the IT compliance leaders are doing and how your organization compares. more...

The leading cause of compliance deficiencies among all organizations is found in IT security, where seven-out-of-ten deficiencies are directly related to deficiencies in IT security. How does your organization compare? more...

Government agencies are ahead of the private sector for compliance. Find out the details and the reasons why. more...

Do you merge internal controls and IT security to improve results? According to 73% of firms, this action has been taken or is underway. But does this action improve results? Find out what the benchmarks show. more...

When 97 percent of industry leaders take the same action, is it meaningful? When it comes to performance results it is. Find out how your organization compares to what the industry leaders are doing to improve IT compliance results, how firms operating at the norm compare, and what the laggards are not doing. more...

Not all government agencies outperform the private sector for compliance results. Find out which strategic actions are more important, how small, midsize and large government agencies are positioned, and how your agency compares. more...

The leading cause of compliance deficiencies are found in IT, where seven-out-of-ten are directly related to IT security. How does your organization compare? more...