Automation, Practice and Policy in Information Security for Better Outcomes

Some organizations are able to minimize the impact of business downtime caused by information security problems and deficiencies, and achieve the fewest incidents of loss or theft of sensitive information. But, according to IT-PCG research, only one in ten organizations attain these kinds of results.

These “best results” organizations, however, exhibit distinctive profiles for automation, practice and policy that others can learn from to improve their information security posture.

Covering forty practices and twenty-seven areas of policy coverage, the detailed findings of the IT PCG’s most recent report deliver fact-based insight into what’s working best. Organized by outcomes being experienced, the report covers:

  • Comparison of benchmarked outcomes for organizations surveyed along with a description of declining outcomes during 2009
  • The top 10 information security practices that result in better outcomes
  • The major policies that result in better outcomes
  • A comparison of financial outcomes for organizations that incorporate specific practices and policies

Organizations with the lowest business downtime, the least loss or theft of data and the fewest audit deficiencies in IT commonly implement 30 practices for information security and fully automate 22 of these. Those with more problems commonly implement 14 practices and automate only 7. Organizations with the worst problems commonly implement only 2 practices and automate none.

The latest IT Policy Compliance Group benchmark report also offers several practical steps for improving results for information security, including:

  • Assessing current practice against best performing organizations
  • Identifying the largest gaps in current practices
  • Prioritizing improvements to practices
  • Reducing costs
  • Reducing risks
  • Improving results
