Best Practices for Managing Information Security

The latest IT PCG report covers findings from benchmarks conducted from late 2008 through late 2009, organized by the outcomes organizations are experiencing. Coverage includes:

Organizational structure

The organizations with the best outcomes share several characteristics, including:

  • The highest rates of customer retention, revenue and profit
  • The least data loss or theft and the lowest financial exposure from data loss
  • The fewest hours of business downtime from IT failures or disruptions
  • Spending 50 percent less on audit each year


These organizations have a chief information security officer (CISO) or a senior manager of IT assurance in charge of information security, reporting to either a chief risk officer (CRO), a chief compliance officer (CCO) or a senior manager of assurance. In contrast, other organizations take far different approaches to managing the information security function. The report details how effective the common approaches to managing information security are, the key differences between them, and how these management structures are affecting results.

Organizational influence and strategy
In addition, the report covers the influence that other functions, including legal counsel, business divisions and lines of business, and human resources, are having on the information security function and the outcomes being experienced.

Practices and organizational structures in IT

Detailed coverage of activities and practices within IT for managing information security results and day-to-day operations reveals organizational strengths and weaknesses that are producing better or worse results in terms of their impact on customer data loss and theft, audit spending, business downtime from IT disruptions and failures, and retention of customers, revenue and profit.

Policies and performance
Critical coverage of key policies for managing business productivity and acceptable risks, the use of standardized procedures, assessment and reporting, and quality programs in IT provides senior managers with first-hand evidence of what’s working to produce better outcomes across hundreds of organizations.

Learn more by downloading the full report.



Once I read through the research, I realized this is the real deal. — Senior partner, Audit Firm
