Information Security, Risk Management Assuming Strategic Role
By:
Biztech2 Staff
| Jan 23,2008
The 10th Annual Ernst & Young Global Information Security Survey shows that, a growing number of organisations recognise that information security can provide more than just protection of corporate assets. Delivering information technology (IT) and operational efficiencies with improvement in overall business performance are emerging as critical objectives.
The survey interviewed 1,300 senior executives, in more than 50 countries, with India emerging the second largest contributor with 114 respondents.
The integration of information security in the overall risk management function is on an increase amongst Indian organisations. The survey findings indicate, that Indian companies are increasingly using information security and risk management in a more strategic role of addressing business objectives. According to the survey, the number of organisations that have fully integrated the information security function into risk management operations has increased to 39% in 2007, from 19% in 2006. Compliance is a major driver in this integration, as indicated by 50% of the respondents in India.
Said Terry Thomas, Partner, Technology and Security Risk Services, Ernst & Young, "As companies integrate information security and strategic risk management, it enhances the organisation’s ability to use information security in a more strategic role for addressing business objectives. With the growing number of internal and external threats in today’s dynamic business environment, we expect further integration of information security and risk management."
The importance of privacy and data protection are considered to be top drivers for information security. Majority of the respondents from the top management which include, 73% of CEOs and 64% CIOs, place considerable importance on protecting privacy related information managed by their organisations. Privacy and data protection have emerged as the top three drivers for information security, as indicated by 58% of the respondents.
Said Devendra Parulekar, Associate Director, Technology and Security Risk Services, "We have realised that the focus and drivers for information security may change over the years, but the need to protect information assets, remains virtually important to businesses globally. Organisations are beginning to recognise that information security can deliver more than just protection for information."
Improving IT and operational efficiency are emerging as important elements of information security, as identified by a large number of Indian respondents (79%), compared to 69% globally. This implies that business executives are beginning to recognise that information security has been able to demonstrate business value and improve operations.
Availability of experienced IT and information staff is the greatest challenge in delivering strategic information security projects. While 63% of the Indian respondents indicated the use of third party services for information security design, the global usage is higher at 75%.
Meeting business objectives is a growing focus of information security. In India 47% respondents are inclined towards trying to achieve this. Globally, the trend is moving towards business objective alignment and not just investing in new technologies. The survey indicates a decrease in deploying new technologies from 24% in 2006, to 13% in 2007.
Information security is still limited to the IT department. The survey indicates that information security personnel are three times more likely to meet with IT department on a monthly basis, than corporate officers and business unit leaders. This may result in non-identification of issues relating to critical business improvements and the impact of information security on them. Early participation of top management in information security issues will only help them identify, or at least make them aware of the forthcoming strategic business risks. The survey indicates that 32% of the information security organisations do not meet with their board of directors or audit committees.
Organisations are demanding more from vendors and business partners in managing third party relationships. In India 39% and globally 48% of companies, felt that the vendors and business partners should have their own information security and privacy policies and procedures in place.
Key findings of the survey include, Information security is now more integrated into overall risk management; Privacy and data protection have significantly increased as key drivers of information security; And While compliance is the primary driver for information security improvements, achievement of operational efficiency is also a key objective
The survey interviewed 1,300 senior executives, in more than 50 countries, with India emerging the second largest contributor with 114 respondents.
The integration of information security in the overall risk management function is on an increase amongst Indian organisations. The survey findings indicate, that Indian companies are increasingly using information security and risk management in a more strategic role of addressing business objectives. According to the survey, the number of organisations that have fully integrated the information security function into risk management operations has increased to 39% in 2007, from 19% in 2006. Compliance is a major driver in this integration, as indicated by 50% of the respondents in India.
Said Terry Thomas, Partner, Technology and Security Risk Services, Ernst & Young, "As companies integrate information security and strategic risk management, it enhances the organisation’s ability to use information security in a more strategic role for addressing business objectives. With the growing number of internal and external threats in today’s dynamic business environment, we expect further integration of information security and risk management."
The importance of privacy and data protection are considered to be top drivers for information security. Majority of the respondents from the top management which include, 73% of CEOs and 64% CIOs, place considerable importance on protecting privacy related information managed by their organisations. Privacy and data protection have emerged as the top three drivers for information security, as indicated by 58% of the respondents.
Said Devendra Parulekar, Associate Director, Technology and Security Risk Services, "We have realised that the focus and drivers for information security may change over the years, but the need to protect information assets, remains virtually important to businesses globally. Organisations are beginning to recognise that information security can deliver more than just protection for information."
Improving IT and operational efficiency are emerging as important elements of information security, as identified by a large number of Indian respondents (79%), compared to 69% globally. This implies that business executives are beginning to recognise that information security has been able to demonstrate business value and improve operations.
Availability of experienced IT and information staff is the greatest challenge in delivering strategic information security projects. While 63% of the Indian respondents indicated the use of third party services for information security design, the global usage is higher at 75%.
Meeting business objectives is a growing focus of information security. In India 47% respondents are inclined towards trying to achieve this. Globally, the trend is moving towards business objective alignment and not just investing in new technologies. The survey indicates a decrease in deploying new technologies from 24% in 2006, to 13% in 2007.
Information security is still limited to the IT department. The survey indicates that information security personnel are three times more likely to meet with IT department on a monthly basis, than corporate officers and business unit leaders. This may result in non-identification of issues relating to critical business improvements and the impact of information security on them. Early participation of top management in information security issues will only help them identify, or at least make them aware of the forthcoming strategic business risks. The survey indicates that 32% of the information security organisations do not meet with their board of directors or audit committees.
Organisations are demanding more from vendors and business partners in managing third party relationships. In India 39% and globally 48% of companies, felt that the vendors and business partners should have their own information security and privacy policies and procedures in place.
Key findings of the survey include, Information security is now more integrated into overall risk management; Privacy and data protection have significantly increased as key drivers of information security; And While compliance is the primary driver for information security improvements, achievement of operational efficiency is also a key objective
Tags: [Information Security ] [Risk Management ] [Ernst & Young Global Information Security Survey ]
| Ads by Google | ||
Post a Comment on “Information Security, Risk Management Assuming Strategic Role”
There are no comments on this article yet. Why don't you post one?
LATEST NEWS
- Superfil Selects SYSTIME For Oracle EBS Implementation
- Cisco To Enhance SMB Tech Investments With Flexi-Pay Options
- HP Bets Big On SMBs
- Nuance Launches 9 Indian Languages For Speech Recognition
- NeoAccel Announces VMware Version Of SSL VPN-Plus
- APEJ Manufacturers To Display Strong Demand For IT Services
- Experian QAS Launches SaaS Offering For Contact Data Mgmt
- India, Japan To Be Largest Regional WiMAX Markets By 2012
- Customer Focus Differentiates IT Leaders From The Rest
- IBM India Lab Develops Data Security Solution
| Ads by Google | ||
RELATED
| Ads by Google | ||
Hot Searches & Keywords :
APAC
Acquisition
Asia Pacific
Asian Paints
BFSI
BI
BSNL
Bangalore
Bharti Airtel
Blackberry
Broadband
Business
Business Objects
Business intelligence
CA
CIO
CIOs
CRM
Cisco
Cisco Systems
Compliance
Data
Data Centre
Datacentre
Dell
EMC
ERP
Frost & Sullivan
Gartner
Google
Growth
HP
IBM
IDC
IT
India
Innovation
Intel
Internet
Linux
Manish Choksi
McAfee
Microsoft
Mobile
Mobile Banking
Nasscom
NetApp
Network
Novell
Open Source
Oracle
PLM
Red Hat
Retail
SAP
SMB
SMBs
SME
SMEs
SOA
SaaS
Satyam
Security
Servers
Software
Storage
Sun Microsystems
Symantec
TCS
Unified Communications
VMware
Virtualisation
VoIP
Web
Web 2.0
Websense
WiMax
Wipro
e-governance
healthcare
investment
outsourcing
partnership
telecom
|
|
||
| Ads by Google |
Sections
Applications |
Audits&surveys |
Bfsi |
Bookreviews |
Businessintelligence |
Businessprocesses |
Ciscosmenews |
Ciscowhitepapers |
Computing |
Contactcenters |
Contributedvideos |
Crm |
Ctoprofiles |
Datasecurity |
Databases |
Datacenters |
Education |
Energy |
Erp |
Focusspecials |
Government |
Guruspeak |
Hardwaresecurity |
Indialogue |
Innovation&leadership |
Innovators |
Intrusiondetection |
Intrusionprevention |
Ites |
Knowledgeprocess |
Lenovo |
Linux |
Managedservices |
Manufacturing |
Media |
Mobile |
Mobility |
Movement |
Networking |
Oncuewithitleaders |
Peoplemanagement |
Pharma |
Platforms |
Policies&compliance |
Recruitment |
Retail |
Saas |
Scm |
Securitymanagement |
Servers |
Services |
Softwaresecurity |
Softwareservices |
Specialreports |
Storage |
Storagesolution(apps) |
Techaction |
Telecom |
Telecommunications |
Theinsider |
Trendwatch |
Web |
Webisodescisco |
Weeklywrapup |
About Us | Copyright © 2006, Biztech2.com India - A Network18 Venture