Some organizations are able to minimize the impact of business downtime caused by information security problems and deficiencies, and achieve the fewest incidents of loss or theft of sensitive information. But, according to IT-PCG research, only one in ten organizations attain these kinds of results.
These “best results” organizations, however, exhibit very unique profiles for automation, practice and policy that others can learn from to help improve their information security posture.
Covering forty practices and twenty-seven areas of policy coverage, the detailed findings of the IT PCG’s most recent report deliver fact-based insight into what’s working best. Organized by outcomes being experienced, the report covers:
- Comparison of benchmarked outcomes for organizations surveyed along with a description of declining outcomes during 2009
- The top 10 information security practices that result in better outcomes
- The major policies that result in better outcomes
- A comparison of financial outcomes for organizations that incorporate specific practices and policies
Organizations with the lowest business downtime, the least loss or theft of data and the fewest audit deficiencies in IT commonly implement 30 practices for information security and fully automate 22 of these. Those with more problems commonly implement 14 practices and automate only 7. Organizations with the worst problems commonly implement only 2 practices and automate none.
The latest IT Policy Compliance Group benchmark report also offers several practical steps for improving results for information security, including:
- Assessing current practice against best performing organizations
- Identifying the largest gaps in current practices
- Prioritizing improvements to practices
- Reducing costs
- Reducing risks
- Improving results
Learn more by downloading the full report
You must be a member to view this report. Join ITPolicyCompliance.com now!