
Another Study Supports The Need for Awareness and Executive Support

I'm always interested to read survey results related to information assurance. Of course the readers need to take the interpretations and summaries with a grain of salt; very few surveys are statistically representative of all organizations.

I ran across a recent risk management survey done by The Economist Intelligence Unit whose conclusions reinforce what many information assurance leaders have been preaching about lately, and what I've blogged about many times: the insider threat is significant and must be addressed through awareness, and executive leaders must strongly support risk management efforts.

A little background about the survey and report:

"In February 2007, The Economist Intelligence Unit surveyed 218 executives around the world about their approach to risk management and their perception of the key challenges and opportunities facing the function. The survey was sponsored by ACE, IBM and KPMG. Respondents represent a wide range of industries and regions, with roughly one-third each from Asia and Australasia, North America and western Europe. Approximately 50% of respondents represent businesses with annual revenue of more than US$500m. All respondents have influence over, or responsibility for, strategic decisions on risk management at their companies and around 65% are C-level or board-level executives."

The major conclusions and findings:

* Risk management must be embedded within every area and level of the business.

* The risks that businesses are not addressing well are those from human actions, regulatory compliance, reputation and IT.

* "the key determinant of success in risk management has become the need to ensure that a strong culture and awareness of risk permeates every layer of the organisation."

* It is increasingly common to appoint a Chief Risk Officer (CRO).

The study results also support the need to have risk management initiatives clearly and consistently supported by executive leaders.

"With a strong culture and awareness of risk cited as being the most important factor in determining the success of risk management, close integration between risk and other functions in the organisation is clearly important. At present, however, progress on embedding risk in other parts of the business appears to be patchy."

Indeed, this should be common sense, yet it is so rarely accomplished.

To successfully mitigate risks to an acceptable level appropriate to the business, all members of an organization must be aware of *WHAT* the risks are, *WHY* they are of concern to the business, and *HOW* to perform their job responsibilities in such a way to reduce the risks.

All personnel must receive regular training and ongoing awareness communications to keep the issues at the forefront of their minds, and help them to incorporate practices to safeguard information assets and preserve privacy into their day-to-day work activities.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.