IBM's freshly released insights from its 2013 IBM Chief Information Security Officer Assessment, show that three areas impact security leaders, namely business practices, technology maturity and measurement capabilities.
The study leverages the know-how from experienced security leaders to outline a set of leading practices to help define the role of the security officer.
Conducted by the IBM Center for Applied Insights, in collaboration with IBM Security Systems and IBM Security Services, the study delved into in-depth interviews with senior leaders who have responsibility for information security in their organisations.
The goal of the interviews was to identify specific organisational practices and behaviours that could strengthen the role and influence of other security leaders. To maintain continuity, interviewees were recruited from the pool of 2012 research participants—80 percent of those recruited were prior participants—with an emphasis on more mature security leaders.
As emerging technologies like cloud adoption and mobile computing present new opportunities to organisations, the risk to data grows. Coupled with sophisticated and advanced threats from attackers, the role of the CISO is becoming more strategic within many organisations. Today's experienced CISO is required to be both a technologist and a business leader, with the ability to address board level concerns as well as manage complex technologies.
To help CISOs better protect their organisation and understand how their roles compare with those of other CISOs, the 2013 IBM CISO Assessment identifies practices and behaviours that can strengthen the role of information security leaders.
This year's study uncovered key findings, leading practices, and a set of shortcomings that even mature security leaders are wrestling with. Looking in depth at three areas—business practices, technology maturity, and measurement capabilities—the study shows a guide for both new and experienced security leaders.
The security leaders interviewed stress the need for strong business vision, strategy and policies, comprehensive risk management, and effective business relations to be impactful in their roles. Understanding the concerns of their C-suite is also critical. More mature security leaders meet regularly with their board and C-suite, thereby improving relations.
When they meet, the top topics that they discuss include identifying and assessing risks (59 percent), resolving budget issues and requests (49 percent) and new technology deployments (44 percent). The challenge for security leaders is to successfully manage the diverse security concerns of the business.
Mobile security is the number one "most recently deployed" security technology, with one-quarter of security leaders deploying it in the past 12 months. Although privacy and security in a cloud environment are still concerns, three-fourths (76 percent) have deployed some type of cloud security services—the most popular being data monitoring and audit, along with federated identity and access management (both at 39 percent).
Sign up for CIO Asia eNewsletters.