Security needs executive support

Senior management’s commitment is a key element in ensuring the success of information security initiatives, according to a recently released global survey.

Conducted by the Information Systems Audit and Control Association (ISACA), the study revealed most organizations believe IT security initiatives will be more successful when managed as a business undertaking rather than a technical requirement.

Other critical elements of a successful information security program include management’s understanding of information security issues, security planning prior to implementation, and business and security integration. ISACA surveyed 157 respondents from major industries in eight countries. ISACA is a global organization of professionals involved in IT governance, control, security and assurance.

“There is a culture that’s been around for a while that says security is a technology issue and we leave it to the IT professionals to deal with,” said Everett Johnson, international president, ISACA in Rolling Meadows, Ill.

The survey, however, revealed the need for “a much broader consideration than what information security professionals acting alone can accomplish.”

The study urged executives to forge a relationship with the IT security manager, “backed up with visible and consistent implementation of company policies and standards.”

While a pre-requisite for success, executive buy-in is only part of a bigger picture, said Joe Greene, vice-president, IT security research at Toronto-based IDC Corp.

“It’s a combination of people, process and technology,” said Greene.

The first step in implementing an IT security program, he said, was planning. Senior executives needed to understand the benefits of an IT security investment.

“It’s very difficult to prove a return on investment with IT security, so senior executives need to have a more holistic view of what’s involved in IT security,” Greene said.

But the role of senior executives does not end with “throwing money at the IT security problem,” said Greene. The whole process involves understanding the issues, formulating a plan around those issues, and then acquiring the products and services to help bring that plan to fruition, he said.

Another vital element is employee education around the need to protect information assets, said Greene.
