Research

State of the CSO 2008: Powering Up

Our exclusive 2008 State of the CSO survey shows growth on almost every front in the battle to engrain security and risk management into every business.

By Derek Slater


Organizational convergence of physical and IT security has been one attempt to provide clearer oversight into risk. Detractors of this idea are holding steady; negative responses totaled 44 percent this year, which is exactly the same result obtained in 2006.

Should information and physical security operate as a single combined department?

- Always: 32%
- In my industry, yes: 23%
- Not in my industry: 35%
- Never: 9%

(Numbers do not total 100% due to rounding.)

3. Strong Points and Weak Points

Management's understanding of security is rated reasonably high; ratings for the general workforce suggest that employee regard for security remains (as always) the key area for improvement.

The following mean scores show respondents' collective agreement or disagreement with various statements, using a scale of 1 to 5 (5 meaning strongly agree):

- Senior management has established a security policy and auditing process: 3.8
- Senior management views the security leader's role as strategic and permanent: 3.7
- Security is viewed as essential to business, as opposed to an overhead cost: 3.6
- Security considerations are a routine part of your company's business process: 3.6
- All managers understand their roles and responsibilities with regard to security: 3.1
- All employees receive training in all security policy topics: 3.6
- All employees are trained in the sanctions and consequences of a security breach: 3.4
- All employees consider security to be part of their everyday responsibilities: 3.1

4. Satisfaction and Confidence

Last, here are a few points of interest from a new set of questions in the survey.

Overall, CSOs love their jobs and confirm their extremely high confidence that risk management will gain further recognition as an important business discipline. That's a great sign.

Relative to those high marks, respondents are somewhat less content with the quality and relevance of the security products and services they are offered.

Dramatically lower is their regard for national security policy and for law enforcement's ability to address electronic crime issues.

What conclusion might one draw from connecting these dots? For years we've been hearing (and repeating) the old saw about the vast majority of the United States' critical infrastructure being owned and operated by private industry. This chestnut is usually rolled out in an attempt to goad the private sector into more enlightened and proactive security investment. But if these survey results are to be believed—and it's a reasonable assumption that about 90 percent of respondents are in the private sector—the commercial world feels that it's doing quite well at security and the problem lies in the public sector.

The following mean scores indicate respondents' satisfaction, on a scale of 1 to 5 (5 being highly satisfied), with:
