“What are the top two drivers for your information security/risk management program?”
Leaders of forward-thinking organizations understand the need for more pervasive risk awareness – and are far more focused on enterprise-wide education, collaboration, and communications. The new breed of CSOs is taking systemic approaches to security issues that span legal, business operations, finance, and human resources.
As noted in Wisegate’s most recent study, IT security leaders agree that CSOs are increasingly asked to provide input about, and even take responsibility for, risk management teams and programs in addition to information security. Wisegate members are some of the most experienced IT and infosecurity executives and managers in the world. Because of their positions and levels of responsibility, Wisegate members are often on the forefront of industry trends related to the use of information technology and the protection of enterprise data and intellectual property.
According to a poll conducted during the Wisegate CSO roundtable, close to 100% of participants said they have combined information security and risk management responsibilities.
As one Wisegate member, a CSO from a leading communications company, commented: “Today we no longer have two teams; today's information security professional also has to be a risk management professional. The program we built under security risk management has now become the framework we're using for enterprise risk management.”
As part of this shift in CSO responsibilities, organizations are spending more on risk management. A recent Wisegate poll asked members, “Can you please comment on whether you see spending on security/risk management initiatives trending in parallel to your overall IT spend, or is there more/less focus on funding security/risk management initiatives when compared to overall IT spend?”
While 60% of Wisegate members said they expected no change, a full 40% said they expected increase spending on security/risk management, with no members expecting a decline in spending on security/risk management.
In another poll, Wisegate members cited compliance requirements as the primary driver for increased risk management responsibilities. Members were asked: “What are the top two drivers for your information security/risk management program?” Responses were:
Compliance requirements: 73% General threat landscape: 53% Right thing to do (we prefer to initiate change rather than react to events): 33% A recent security ‘close call’ without external reporting requirements: 26% A recent security incident requiring external notification: 20%
“Wisegate’s CSO roundtable brought together IT security leaders from brand name companies who candidly discussed how the role of CSO is evolving and the impacts to their organizations,” said Sara Gates, Founder and CEO of Wisegate. “Wisegate’s members agreed that executive leaders are looking for CSOs who can be strategic thinkers as well as IT administrators. Future CSOs will need to understand business risk and its influence on everything from developing privacy policies to preparing disaster recovery plans.”
To request a copy of Wisegate’s report titled “CISOs Share Advice on Managing Both Information Security & Risk,” please visit: http://www.wisegateit.com/resources/downloads-risk-mgmt-report.
If you think you’d like to join Wisegate and meet the qualifications, go to http://www.wisegateit.com/request-invite/ and request an invitation to join.
Wisegate (wisegateit.com) is a social knowledge network for senior professionals. By enforcing strict membership guidelines and barring vendor ads and sales hype, Wisegate is the first and only private professional online community to foster high-value collaboration, conversation and content-sharing by a network of one’s true peers. Wisegate’s first community is for senior Information Technology (IT) professionals, with others rolling out according to market demand. Wisegate Inc., a privately funded company with headquarters in Austin, Texas, was founded in 2010 by Sara Gates, a respected industry veteran of several start-ups and large enterprise IT companies.