Automation, Practice and Policy in Information Security for Better Outcomes

Some organizations are able to minimize the impact of business downtime caused by information security problems and deficiencies, and achieve the fewest incidents of loss or theft of sensitive information. But, according to IT-PCG research, only one in ten organizations attain these kinds of results.

These “best results” organizations, however, exhibit very unique profiles for automation, practice and policy that others can learn from to help improve their information security posture.

Covering forty practices and twenty-seven areas of policy coverage, the detailed findings of the IT PCG’s most recent report deliver fact-based insight into what’s working best. Organized by outcomes being experienced, the report covers:

  • Comparison of benchmarked outcomes for organizations surveyed along with a description of declining outcomes during 2009
  • The top 10 information security practices that result in better outcomes
  • The major policies that result in better outcomes
  • A comparison of financial outcomes for organizations that incorporate specific practices and policies

Organizations with the lowest business downtime, the least loss or theft of data and the fewest audit deficiencies in IT commonly implement 30 practices for information security and fully automate 22 of these. Those with more problems commonly implement 14 practices and automate only 7. Organizations with the worst problems commonly implement only 2 practices and automate none.

The latest IT Policy Compliance Group benchmark report also offers several practical steps for improving results for information security, including:

  • Assessing current practice against best performing organizations
  • Identifying the largest gaps in current practices
  • Prioritizing improvements to practices
  • Reducing costs
  • Reducing risks
  • Improving results

Learn more by downloading the full report

You must be a member to view this report. Join now!

Upcoming Events
  • August 2, 2014Black Hat
  • August 2, 2014Integrative Biology Summit
  • August 7, 2014DEFCON
  • August 18, 2014ISACA GRC Conference
  • September 15, 2014Global Identity Management Summit
AEC v1.0.4

Keep up the good work. Goes beyond technology by focusing on process and people. — Senior partner, Audit Firm

Recent Posts