When Tripwire carried out a detailed UK analysis of the Ponemon Institute's 2013 Risk-Based Security Management Study, it discovered something of a disconnect between an enterprise's commitment and its ability to actually deliver on that. The key takeaways from the very detailed analysis, can be boiled down to:
- Some 61 per cent don't communicate security risk with senior executives or only communicate when a serious security risk is revealed;
- Just shy of 40 per cent of collaboration between security risk management and business is poor, non-existent or adversarial;
- Less than half (47 per cent) rate communication of relevant security risks to executives as not effective' and when asked why this should be: 63 per cent said communication occurs at too low a level and 57 per cent said communications are too siloed. Furthermore, 56 per cent said the information is too technical to be understood by non-technical management and 50 per cent said negative facts are filtered before being disclosed to senior executives and the CEO. In addition just over one third (35 per cent) said it takes too much time to prepare report metrics to senior executives.
The results of this study would seem to suggest that integrating security risk into the day-to-day operational decision making of the business just isn't happening in the majority of enterprises.
Just how vital, therefore, are good communication skills? And, how can IT security professionals in particular develop new skills in this area to enable them to talk about risk in terms that are relevant to the goals of the business and so both understandable, and therefore implementable, by the powers that be?
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
IT Pro Panel: Tackling technical recruitmentIT Pro Panel With the recruitment market shifting, how can businesses both retain their best staff and fill gaping talent shortages?
-
Podcast transcript: Why techies shouldn’t become managersIT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
The IT Pro Podcast: Why techies shouldn’t become managersIT Pro Podcast Managing people is a completely different skillset to managing technology - so why do we keep pushing people from one to the other?
-
Podcast transcript: How umbrella companies exploit IT contractorsIT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
The IT Pro Podcast: How umbrella companies exploit IT contractorsIT Pro Podcast Is tighter regulation needed to stop workers from being cheated out of earnings?
-
Data scientist jobs: Where does the big data talent gap lie?In-depth Europe needs 346,000 more data scientists by 2020, but why is the gap so big?
-
Four tips for effective business collaborationOpinion Collaboration is about more than just removing office walls
-
IT Pro Panel: The truth about talentIT Pro Panel Why is it still so hard to find good people?
