InfoSec Reporting: Communications Breakdown?

DDoSThanks to the Sony hack and other high-profile data breaches, IT security is getting a lot more attention. But are the right metrics in place to properly communicate the successes and failures?

In fact, lack of security metrics and reporting is high on the list of IT professionals’ concerns, according to a survey conducted by Wisegate. Among the findings, 80% said their top security risks (malware, data breaches, and outsider threats) are increasing – but 50% don’t have reporting procedures in place to measure their existing security programs.

But responses show the sheer volume of different products makes communicating strengths and weaknesses in the corporate security profile difficult. It results in failure to communicate program impact in business terms, and a failure for business people to understand security.

Advice from the National Association for Corporate Directors:

“Discussion of cyber-risks between boards and senior managers should include identification of which risks to avoid, accept, mitigate or transfer through insurance as well as specific plans associated with each approach.”

For more, click here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s