State of the CSO 2012: Ready for anything
The 2012 State of the CSO survey shows progress toward a deeper level of business understanding and a wider knowledge of risk management
By Joan Goodchild
October 01, 2012 — CSO —
The saying goes that in every crisis, there is an opportunity. Compliance requirements, data and privacy demands, and the threat landscape are constantly evolving, forcing companies to realize the importance of security and invest accordingly. As security concerns expand, so does the role of the security leader.
Our annual State of the CSO survey finds a continuation of a two-part trend that we have been tracking for many years: First, there is more awareness of security and risk among companies, and second, in response, many organizations are using more formal enterprise risk management (ERM) programs. These policies, processes, methods, metrics and measurements help shape the strategic decisions for their organization. The goal is to make security strategy both targeted and holistic, proactive and defensive.
The survey gathered responses from 228 security professionals in a broad range of industries. Among those polled, 66 percent say their organization's leadership (that is, the CEO and board of directors) placed more value on risk management in the past year. That's a solid number, even higher than the 61 percent result in 2011.
[Also read The decade of the CSO]
And with that perceived value comes corresponding support, in the form of money and staff. Thirty-two percent of respondents expect to add to their full-time security headcount, and 45 percent expect their organization's overall security budget to increase in the coming year. Another 42 percent think their budget will stay the same; just 11 percent expect it to decrease. (Two percent were not sure.)
ESSENTIAL READING
The reactive, event-driven nature of security makes strategic planning more important, not less. Here are practical tips for creating a strategy that is aligned with your organization's business and enterprise risk management goals.
For more on ERM, get CSO's Risk Management monthly e-newsletter—sign up today!
ERM: The basics
An introduction to ERM (Enterprise Risk Management) for security, IT and operational risk professionals. ISO and COSO frameworks; risk measurement and prioritization; mini-case studies and real-world ERM examples.
Risk's rewards: Organizing for ERM
Leading companies are coordinating risk management activity, finding efficiencies and better visibility in the process. Here's how they do it.
Beginning ERM in 6 simple steps
ERM look like too big a commitment? Choose one process to improve, create a working group, show progress, and build momentum.
What GRC software needs to become
5 steps to an effective strategic plan
A simple model for thinking strategically about security services
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Security Analytics Video
- B2B Integration on Cloud: Real World Solutions and Technology Advances
- Virtualization Boosts SMBs
- HP Converged Storage: Storage for the next era of IT
- Seven Priorities for Integrated Network Management - How HP Intelligent Management Center Delivers an Enterprise-class Solution
- Five Myths of Cloud Computing
- Utility Storage: The Ideal Platform for Virtual and Cloud Computing
- Next-Generation Customer Experience Management
- Harvard Business Review: How Mobility is Changing the World
- #FFSec: Infosec pros who bring value to Twitter
Follow these names on Twitter. Together, they make cyberspace a more secure place. (copy and paste) - B-Sides Boston is Saturday
- Leaving CSO, Heading to Akamai
More Salted Hash with Bill Brenner
