FREE MEMBERSHIP - Create your personalized Bitpipe Service!  Members: Sign in 
Search Bitpipe: 
  Search Help
sponsored by CIO Decisions
Posted:  13 Nov 2006
Published:  01 Nov 2006
Format:  HTML
Length:  3   Page(s)
Type:  Journal Article
Language:  English
ABSTRACT:
Every parent who has taken a lengthy trip with children is familiar with the question "Are we there yet?" As a child, you probably asked the question when the length of the journey exceeded your interest in making it.

Today, many firms have a similar impatience with their information security--or "infosec"--strategy. A major source of CIO frustration is the lack of clear end point for infosec. "Security practice is completely up for grabs in terms of definition, available software, process, reasonable cost and executive appetite to adopt," says a former telecom firm CIO who now serves as a midsized-company consultant. "Everyone I talk to is unclear [about] what will be required as part of enterprise risk assessment."

We contacted 135 companies (62 large and 73 midsized firms). The consensus among respondents is that security challenges create serious company misalignment. Firms exhibit various disconnects between infosec strategy and the enterprise, particularly the following:

  • the security strategy and the enterprise strategy;
  • the security strategy and the implemented program;
  • security technologists and the enterprise as a whole;
  • basic security literacy and senior executives;
  • true spending on security and optimal spending; and
  • the practice of security and day-to-day operations.



Author

Thornton A. May
Executive Education Programs ,  Haas School of Business, University of California
Thornton designs and delivers the future-focused IT curriculum for the executive programs at the Anderson School of Management at UCLA and the Haas School of Business.



BROWSE RELATED RESOURCES
CIOs | Information Security | Strategic Planning | Surveys

View All Resources sponsored by CIO Decisions
Home | About Us | Contact Us | Advertise with Us | Partner with Us | Site Index
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines

Definitions: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other   TechTarget - The Most Targeted IT Media
TechTarget Corporate Web Site  |   Media Kits  |   Site Map




All Rights Reserved, Copyright 2000 - 2009, TechTarget | Read our Privacy Statement