IT DRILLDOWN
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

 
 

News

 

Study: Compliance Dominates New Game of Risk

What's the most vital element of corporate risk management? Symantec survey says IT availability management and compliance projects are now just as important, if not more important, than traditional IT security efforts.
 

January 31, 2008InfoWorldSymantec's primary strategy in the enterprise may currently revolve around the notion of IT risk management, but the company's latest research finds that efforts to refine corporate process unrelated to security technology have become just as popular with customers moving to limit their exposure.

According to Symantec's annual survey of 405 businesses, the notion that technologies used to improve IT security serve as the most vital element of corporate risk management currently ranks below other priorities among customers. Respondents to the study rated IT availability management and work on specific regulatory compliance projects as comparable, and in some cases more important, to their ongoing risk mitigation efforts.

In addition, fewer businesses are utilizing a strategy that approaches IT risk as a standalone skill set or initiative, according to the Symantec report.

One year ago, customers participating in the study indicated that the adoption of security technologies represented the central tenet of their risk management plans. In the 2008 report, 78 percent replied that availability maintenance concerns are now as vital to their exposure mitigation efforts as the installation of security tools.

Some 70 percent of respondents replied that security projects are still a critical part of their approach. However, 53 percent of the IT-related incidents experienced by surveyed companies were tied to other issues besides problems with systems defense.

"IT risk doesn't necessarily equate to security risk. That's a big shift and the key takeaway is that organizations are getting more mature around the portfolio of risks they have to manage," said Samir Kapuria, managing director of Advisory Services at Symantec. "In the past, people looked at one area as discreet, but now they're addressing the four pillars of compliance, security, risk, and performance availability as part of a balanced strategy."

Increasing interdependence on IT systems shared between business partners has elevated availability and performance concerns above security issues -- and businesses are more worried about causing a bottleneck in their global supply chain then they are looking to thwart attacks, the expert contends.

"IT systems availability can have a downstream impact which has had this downward effect," Kapuria said.

Spending on compliance-oriented projects also stands as a major piece of most companies' plans, with 68 percent of those people responding stating that their employers rate those efforts as crucial to their risk management strategies.

Respondents indicated that high-level risk management projects have become less central to their IT planning, with companies favoring targeted initiatives that address individual problems or regulations.

 
 
 
 
 
 
Loading...
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Choose a mobile device platform with familiar programs and simplified management

How to Manage the Mobile Work Environment

How to simplify mobility and reduce the cost of supporting mobile workers

Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response

Webcast: Best practices in application security: How do you stack up?

White Paper: Juniper Networks Ethernet Switching Solutions Reduce Operational IT Expenses

Webcast: Learn why companies must invest in an agile network infrastructure

White Paper: Businesses Thrive by Unifying Business Communications

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

Renowned Engineering Institution Chooses AMD Processor-Based Servers

High-Definition: The Evolution of Video Conferencing

Managing Mobility: An IT Perspective

Unify and Conquer: The Benefits of Unified Communications.

Webcast: Increase traditional notebook computing ROI

Sheriff's Office Uses PocketCop to Access Police Databases from BlackBerry® Smartphones

The BlackBerry Solution Adds Significant Benefit to Toshiba

The New Foundation of Storage: Xiotech's Intelligent Storage Element

Green IT: Reducing Your Carbon Footprint with Citrix

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Top 10 Reasons to Go Green in IT

Transforming Virtualization into a Competitive Advantage

Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management

Network Immunity Manager Video

Cost-Effective Data Center 1U Server Solutions

Automate Business Processes - Try a Free Mashup Composer

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get Control of Mobile Data (and More)

Mitigating Risk with Security Assessments

Top 10 Questions to Ask when Choosing a Secure File Transfer Solution

Webcast: Building an Optimized Infrastructure

Juniper Networks is changing the economics of networking with a no-compromise, highperformance and service-oriented approach

Research about the efficiencies created by different operating systems.

Unified Communications Software: The Death of VoIP?

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Seeing is Believing: The Value of Video Collaboration

Getting Network Management Right: A Gartner IT briefing

Demonstrating the Business Value of Mobile Device Management

Oracle Database 11g: Real Application Testing & Manageability

Key challenges facing today's IT service and support

Heinz Uses a Wireless, Automated, Auditing process on BlackBerry® devices

Webcast: Solutions to the Toughest IT Challenges in Remote Offices

Extending PCI Compliance to the Mobile Workforce

Webcast: Why standardizing your ECM platform is so critical to your success

White Paper: WebMethods Business Process Management Suite

Gaining Transparency in IT Outsourcing

Top 10 Misconceptions about Performance and Availability Monitoring

Write an RFP for Master Data Management: 10 Common Mistakes to Avoid

HP Puts Its Disaster-tolerant Capabilities to the Test

Microsoft System Center - Designed For Big

Read Forrester's advice for deploying an enterprise mobile solution