• Attention is shifting toward risk management. In two years, security leaders expect to be spending more of their time on reduction of potential future risk, and less on mitigation of current threats and management of regulatory and compliance issues. According to IBM, forward-thinking security organizations are more likely to establish a security steering committee to encourage systemic approaches to security issues that span legal, business operations, finance, and human resources. Fully 68 percent of advanced organizations had a risk committee, versus only 26 percent in the least advanced group.
• Use of data-driven decision making and measurement: Leading organizations are twice as likely to use metrics to monitor progress, the study showed (59 percent vs. 26 percent).
• Shared budgetary responsibility with the C-suite: The study showed that within most organizations, CIOs typically have control over the information security budget. However, among highly ranked organizations, investment authority lies with business leaders more often. In the most advanced organizations, CEOs were just as likely as CIOs to be steering information security budgets. Lower-ranking organizations often lacked a dedicated budget line item altogether, indicating a more tactical, fragmented approach to security. Fully 71 percent of advanced organizations had a dedicated security budget line item compared to 27 percent of the least mature group, IBM said.
Follow Michael Cooney on Twitter: @nwwlayer8 and on Facebook.