Recently the Ponemon Institute released its latest research on “Benchmarking Information Security Efficiency.” Their goal was to help organizations determine the “most operationally efficient route to their desired security posture.” I’d hope that their desire would be continuous compliance. The research showed five key areas that affected security efficiency:
Appoint a CISO or organizational leader for information security:
Every project needs a champion. Your security and compliance program is no different. Security programs that garner support not just from IT but from departments across the enterprise improve their security outlook.
Initiate training and awareness programs on data protection and security for end-users:
This is great advice that many organizations take for granted. Policies and procedures cannot be followed and maintained if your staff does not know about them. Organizations must keep retraining, both as they hire new employees and to ensure security awareness is always at the forefront.
Achieve an organizational culture that respects privacy and data protection:
Cultural change does not happen overnight. Top-level management must first define and document the organization’s desired security and compliance culture. They then need to implement programs and activities that communicate and reinforce this desired security compliance culture to all departments across the enterprise.
Obtain executive-level support for security:
Agreed! Security compliance is not just the IT or Compliance department’s responsibility; it extends beyond CIOs to the CEO and board of directors. An organization whose top executives are 100% engaged in its security compliance posture has an immediate advantage.
Deploy strong endpoint controls:
Choosing the right technology for your security programs is critical to achieving continuous compliance. Pick a solution that provides maximum security, automation, and flexibility.