Best Practices for Managing Information Security

The latest IT PCG report covers findings from benchmarks conducted from late 2008 through late 2009, organized by the outcomes organizations are experiencing. Coverage includes:

Organizational structure

    The organizations with the best outcomes share several characteristics, including: 

  • The highest rates of customer retention, revenue and profit
  • The least data loss or theft and the lowest financial exposure from data loss
  • The fewest hours of business downtime from IT failures or disruptions
  • Spending 50 percent less on audit each year

 

These organizations have a chief information security officer (CISO) or a senior manager of IT assurance who is in charge of information security, reporting to either a chief risk officer (CRO), a chief compliance officer (CCO) or a senior manager of assurance. In contrast, others take far different approaches to managing the information security function. The report details how effective the common approaches to managing information security are, the key differences among these approaches, and how these management structures are affecting results.

Organizational influence and strategy
In addition, the report covers the influence other functions are having on the information security function and the outcomes being experienced, including legal counsel, business divisions and lines of business, and human resources.

Practices and organizational structures in IT

Detailed coverage of activities and practices within IT for managing information security results and day-to-day operations reveals organizational strengths and weaknesses that are producing better or worse results in terms of their impact on customer data loss and theft, audit spending, business downtime from IT disruptions and failures, and retention of customers, revenue and profit.

Policies and performance
Critical coverage of key policies for managing business productivity and acceptable risks, the use of standardized procedures, assessment and reporting, and quality programs in IT provides senior managers with first-hand evidence of what's working to produce better outcomes across hundreds of organizations.

Learn more by downloading the full report.
