Security needs executive support

Senior management’s commitment is a key element in ensuring the success of information security initiatives, according to a recently released global survey.

Conducted by the Information Systems Audit and Control Association (ISACA), the study revealed most organizations believe IT security initiatives will be more successful when managed as a business undertaking rather than a technical requirement.

Other critical elements of a successful information security program include management’s understanding of information security issues, security planning prior to implementation, and business and security integration. ISACA surveyed 157 respondents from major industries in eight countries. ISACA is a global organization of professionals involved in IT governance, control, security and assurance.

“There is a culture that’s been around for a while that says security is a technology issue and we leave it to the IT professionals to deal with,” said Everett Johnson, international president, ISACA in Rolling Meadows, Ill.

The survey, however, revealed the need for “a much broader consideration than what information security professionals acting alone can accomplish.”

The study urged executives to forge a relationship with the IT security manager, “backed up with visible and consistent implementation of company policies and standards.”

While a prerequisite for success, executive buy-in is only part of a bigger picture, said Joe Greene, vice-president, IT security research at Toronto-based IDC Corp.

“It’s a combination of people, process and technology,” said Greene.

The first step in implementing an IT security program, he said, was planning. Senior executives needed to understand the benefits of an IT security investment.

“It’s very difficult to prove a return on investment with IT security, so senior executives need to have a more holistic view of what’s involved in IT security,” Greene said.

But the role of senior executives does not end with “throwing money at the IT security problem,” said Greene. The whole process involves understanding the issues, formulating a plan around those issues, and then acquiring the products and services to help bring that plan to fruition, he said.

Another vital element is employee education around the need to protect information assets, said Greene.

QuickLink 067218
