Scepticism amongst security staff about board’s commitment to IT security
An independent survey of more than 200 enterprise IT and security managers, commissioned by security and systems management software vendor NetIQ, has revealed that more than half (51%) of all UK companies have not implemented the necessary processes and procedures to proactively manage risk and comply with legislative directives such as PCI and Mifid.
The survey conducted by EMedia on behalf of NetIQ, questioned 218 security and IT managers about their companies’ readiness and views on compliance and risk management. It revealed a lack of readiness to meet compliance goals despite being their most critical security issue ahead of business continuity, data leakage and protection against viruses and spyware.
The NetIQ survey also indicated a high degree of scepticism among IT staff concerning the commitment to or understanding of IT security among the board - 40% claimed the board were merely paying lip-service to IT security to gain compliance status. Other survey findings pointed to a lack of co-ordination between the IT organisation and the rest of the business. Some 29% of IT security managers felt their companies’ security policies were not closely aligned with its business objectives or areas of risk within their organisation. Furthermore 57% of them felt internal staff didn’t understand the legislation that affected their business.
More on Operational Risk
Managers should be more confident challenging new processes
Disaster recovery and oversight key for utility's CRO
Hill Dickinson lawyer outlines his view
Custodians should retrain HR in foreign bribery rules as SEC threatens further action
Sign up for Risk.net email alerts
Catch up with the debate at OpRisk's flagship London conference
Sponsored video: Elseware
Oxford professor David Vines argues that the carrot is as important as the stick
Sponsored webinar: IBM
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.