Information security strategies fail to meet corporate needs

Information security remains isolated from executive management and business strategy, a survey from consultant Ernst & Young has found.

The Ernst & Young Global Information Security Survey, among executives at around 1,300 firms worldwide, says companies are still failing to implement a holistic approach towards information security, as the security function remains too isolated from executive management and the strategic decision-making process.

The survey reveals that a third of information security personnel never meet with company board or audit committee members, and over a quarter of information security personnel do not report to business leaders on information security compliance or incidents.

Monthly meetings are three times more likely to take place between information security and IT than with corporate officers, said Ernst & Young.

Richard Brown, head of technology security and risk services at Ernst & Young, said, "Recent incidents in the UK have done much to highlight the lack of protection of information assets held by organisations.

"Information security has never been so high up on the corporate and private individual's agenda, which means it has to move forward on the business, and not just the IT agenda."

 

1 comment


Information security has traditionally been isolated from executive management and business strategy, but I think the adoption of the CISO role is helping to change that. This trend puts information security on an equal footing (or near-equal, depending on implementation) with other C-level executives and, hence, business strategy. I say possibly near-equal footing because I’ve seen some implementations where the CISO is implemented as something slightly less than other C-level roles that reports, either directly or indirectly, to one of those executives. Still, that’s better than it has been, and brings information security more in line with executive management and business strategy.