New Study Shows 38 Percent of Information Security Processes are Immature
Tuesday, February 12th, 2008
New research from Wolcott Group (www.wolcottgroup.com), "The 2007 ISO 27001 Benchmark Study," shows that many organizations have significant gaps in how they manage information security. While most organizations have mature or developing controls for information security, many still have immature processes for key issues like security policy training, access control, asset management, business continuity, IT compliance auditing, and more.
"One of the most significant findings from the study is that nearly half of the respondents rated their organization’s approach to managing information security as ‘initial’ or ‘non-existent’," stated Gary Sheehan, CISSP, HISP, managing consultant for information security at Wolcott Group. "Essentially, this study demonstrates the need for organizations to adopt a more holistic approach to managing information security like ISO 27001/27002."
Highlights of Immature Controls and Processes:
• 57% have immature processes for classifying the value of their information assets
• 56% have immature employee training programs on information security policies and procedures
• 47% have an immature approach to managing information security
• 45% have immature business continuity processes
• 36% have immature IT compliance auditing processes
"The 2007 ISO 27001 Benchmark Study" was based on a 20-question self-assessment survey that explored the major aspects of how organizations govern information security as it is aligned with the ISO 27001 international standard and the ISO 27002 best practice framework. The study had 89 participants from a variety of industries, with 88% being in an IT management role, and 62% from organizations with over 1,000 employees.