The reality of information security is that any business on any given day can be compromised. Security breaches may be targeted or the result of automated scans. Cyber criminals may be sophisticated programmers who purchased an attack toolkit on the internet. With plethora of threat vectors to defend against, big businesses are expending their capital on cyber security technologies at an increasing rate. It should be kept in mind that buying a security technology alone, does not provide complete protection. The proper deployment of that security technology is also essential.
According to the latest survey of PwC Global State of Information Security, a majority of executives are confident of the effectiveness of their information security practices. Respondents included readers of CSO and CIO Magazines and clients of PwC from 138 countries. This survey comprises about 9,600 responses from CFOs, COs, Vps, CSOs, and Directors of IT and Security on more than 40 questions on topics related to information security and its alignment with the online business. Overall, respondents believe they have a proper information security strategy in place and that their firms are pro-actively executing those practices.
Big businesses make Information Security an Crucial Part of Their Business Planning
63% of respondents reported they had strategies in place within their organizations. 40% of those have a strategy in place as well as taking proactive steps to execute on it. 23% just have information security strategies in place. 16% respondents focus more on tactics than security strategy and 21% react to issues as they arise;
35% of respondents said they are very confident and 37% are somewhat confident that their information security practices are effective;
It is promising that so many enterprises already have strategies in place. However, companies should be cautious not to develop an overinflated sense of safety. It is essential to keep a close eye on measuring, monitoring and updating these strategies regularly, and ensure that technologies are being deployed correctly.
Measuring and Monitoring Information Security Performance
Information security performance measurement should be a system of measuring, monitoring and reporting infosec governance metrics. The development of such and network security assessment framework is essential to the evaluation of the effectiveness of Security Governance.
Some example metrics might include:
- Number and type of security incidents
- Number of systems where security requirements are not met
- Number and type of suspected and actual access violations
- Number of unauthorized IP addresses, ports and traffic types denied
- Time to approve, change and remove access privileges
- Number of access rights authorized, revoked, reset or changed
As technology advances, so does the complexity of cyber threats. Executives must remain aware of the real risks their companies face. These threats impact not just the company’s critical information, but also sensitive customer data. Without accurate perspective and effective cybersecurity services in USA, top management could develop a false sense of safety over a situation that could have significantly negative business impacts.