2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals

Size: px
Start display at page:

Download "2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals"

Transcription

1 2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals Sponsored by

2 Contents Introduction....3 Key Takeaways from the 2017 Report:....3 Security Metric Collection, Reporting, and Usage...4 Security metrics collection widespread, but reporting irregular....4 Commonalities in security metric usage....5 Wide variances in number of security metrics used...6 Primary drivers for security metrics usage....6 Manual collection still common...6 Security Metrics and Business Alignment....7 Consistent use of security metrics dramatically impacts business stakeholder opinions....7 Lack of confidence in security investment value prevalent....8 Clear business objectives result in higher security investment ROI....8 Security Metrics in Business and Board-Level Communications....9 Security metrics reporting common within IT, but not outside of IT....9 Top IT staff responsible for updating the board Boards updated on security multiple times per year Board updates not driven by breaches Tenable Recommendations Survey Methodology and Participant Demographics Trends in Security Metrics and Security Assurance Measurement Report 2

3 Introduction Most managers today have heard one or more variations of the old adages What gets measured gets improved, and You can t manage what you don t measure. Few, if any, business managers today, including IT security leaders, would dispute the idea that finding a way to measure and track performance has enormous benefit. However, while the idea of measurement seems simple on the surface, and is almost universally acknowledged as a good business practice, applying the notion of measurement to IT security programs can be very challenging. Security metrics can help IT security teams measure the effectiveness of IT controls and demonstrate compliance with internal security policies, governance frameworks, and regulatory requirements. Security metrics can also be used to diagnose problems, identify weak links in your security posture, facilitate benchmark comparisons, and drive performance improvement. And last, but most certainly not least, security metrics can be used by IT security teams to show business executives and boards how existing and planned IT security programs align with business needs. When it comes to IT security assurance measurement, it may be surprising that even in such a highly technical and data-oriented field as security, it s not always clear how IT security metrics can and should be used to measure the performance of IT security programs. What approaches are IT organizations taking today in terms of security metrics collection, reporting, and usage? Who are security metrics shared with and how often? Are security metrics currently being used by IT security teams to demonstrate business alignment? To demonstrate ROI? If so, what is the impact? And most importantly, how effective are current approaches to using security metrics as part of a broader approach to security assurance measurement? The 2017 Trends in Security Metrics and Security Assurance Measurement Report was commissioned by Tenable to measure the attitudes, beliefs, and perceptions of IT security professionals in relation to security metrics. It was also designed to discover whether current approaches to security assurance measurement are meeting the needs of IT security teams, CISOs, business executives and boards. This report represents a global survey of 315 IT security decision makers in companies with more than 100 employees across a wide range of vertical industries and geographic regions. In it, we quantify the experiences modern IT security teams have with capturing, using and sharing metrics used to measure security assurance. Also examined is how IT security teams use security metrics to communicate the state of security assurance and security program effectiveness within their own teams, and the ways security metrics are used in communications with business executives and the board. Key Takeaways from the 2017 Report: 1. Regular collection, irregular reporting. Although 92% of survey respondents collect security metrics, only 42% regularly report their metrics. However, survey results also found that IT security teams who consistently collect and report on security metrics are almost twice as likely to be viewed as strategic partners by the business. This indicates that IT security teams who collect security metrics but do not use a regular reporting cadence are missing an important opportunity to be viewed as a strategic partner by the business. 2. Security metrics typically collected to demonstrate compliance. Security metrics are most commonly used for demonstrating compliance (74%). Other frequently reported uses included measuring security program capabilities and maturity (57%), and justifying increased security investments (51%). 3. Primary driver behind security metrics usage is brand protection. Just over a third of respondents (38%) were primarily concerned with protecting the brand, customer data and customer privacy. Another third (33%) felt that metrics help them measure whether they are following IT security best practices. 4. Manual metric collection still common. 92% of survey respondents still rely on some manual processes to collect security metrics. Only 8% reported fully automated collection Trends in Security Metrics and Security Assurance Measurement Report

4 5. Fewer than half view their IT security teams as a strategic partner to the business. Survey results showed a clear correlation between use of security metrics and being viewed as a strategic partner. Consistency in reporting also appeared to be a key factor in terms of being perceived as a strategic partner to the business. 6. Lack of confidence in the value of security investments is prevalent. More than 70% report they are not confident that the value from their security spend over the past 24 months has delivered measurable benefits that justified the investment made (ROI). 7. Clear business objectives are still far too lacking. Survey results showed that clear business objectives resulted in higher security investment ROI. IT security teams with clear business objectives that map to security metrics were more than twice as likely to report value from their security investments. However, more than two-thirds reported that they either had no business objectives, or that the objectives they had lacked clarity. 8. Security metrics reporting is common within IT, but less common outside of IT. Far too often, security metrics information has a tendency to stay within the IT team. Fewer than half reported security metrics outside of IT. Less than a quarter (24%) reported that their security metrics are seen by the CIO or CISO. Only 23% reported that their metrics were shared with business executives, and only 18% stated that security metrics were shared with the board. 9. Once boards gets metrics, they want regular updates. Of the 18% that share their metrics with their board, almost a third (31%) update their boards monthly, while another third (33%) update their boards quarterly. Only a small number of survey respondents (3%) report that they update their boards only upon request. The remainder of this report provides detailed findings and insights into current trends in security assurance measurement and security metric collection, usage, and reporting. Security Metric Collection, Reporting, and Usage A primary area of focus for the research survey was on obtaining data regarding current trends in security metric collection, reporting, and usage. Security metrics collection widespread, but reporting irregular The majority of IT security teams responding (92%) collect metrics related to security. In fact, only a few companies with more than 100 employees (8%) report that they do not collect security metrics. Does your organization use security metrics? We collect security metrics, but don t report them consistently 49% No 8% Yes, we consistently collect and regularly report security metrics 43% However, drilling deeper surfaces a rather troubling finding. Although the majority of IT security teams collect metrics, less than half (43%) regularly report on these metrics. This means that despite their investment in metric collection, far too often security metrics and the associated insights they provide sit unused and simply go to waste Trends in Security Metrics and Security Assurance Measurement Report 4

5 Survey results did indicate, however, some variance in security metric reporting based on company size. Close to two-thirds (62%) of the largest companies report security metrics regularly, compared to just a quarter (24%) of the smallest companies in the study. It is also much more common for small companies to report that they don t capture any security metrics (10%) than large companies (3%). However, as survey results show, the general trend is that most companies collect security metrics, but many do not regularly report on these metrics. This trend holds across all company sizes. Does your organization use security metrics? (by company size) More than 5,000 62% 35% 3% Yes, we consistently collect and regularly report security metrics 1,000-5,000 36% 54% 10% We collect security metrics, but don t report them consistently 100-1,000 24% 62% 14% No 0% 20% 40% 60% 80% 100% Commonalities in security metric usage While survey results illustrate that not all companies regularly report on security metrics, collected metrics are, however, still utilized by the teams that collect them. The vast majority (97%) of IT security teams that collect security metrics use them (even if reporting is irregular), with only a small number (3%) reporting that their metrics are collected but not used. However, how exactly are IT security teams using security metrics? According to the results of the survey, security metrics are most commonly used for demonstrating compliance (74%). Other frequently reported uses of security metrics include: Measuring security program capabilities and maturity (57%) Justifying increased security investments (51%) Documenting the activities of the security team (42%) How are security metrics used in your organization? Demonstrate compliance with industry standards or frameworks 74% Measure security program capabilities and maturity 57% Justify increased investments in people, processes, or technology 51% Document the activities and labor utilization of the security team 42% We don t use our security metrics 3% 0% 10% 20% 30% 40% 50% 60% 70% 80% n = collect security metrics Trends in Security Metrics and Security Assurance Measurement Report

6 Wide variances in number of security metrics used While there is consistency in the use of security metrics, no consistency was found in the number of different metrics used. It was most typical for survey respondents to report that they track 10 or fewer metrics (62%). However, many respondents also reported that they tracked a much higher number of security metrics, with 1 in 10 (10%) reporting that they tracked 50 or more metrics. How many different security metrics do you use to measure the effectiveness of your IT security program? 40% 35% 30% 25% 20% 15% 10% 5% 0% 35% 27% 20% 8% 6% 4% More than 100 Primary drivers for security metrics usage The drivers for adopting security metrics varies greatly among IT teams. When asked to identify a primary driver for using IT security metrics, just over a third of respondents (38%) were primarily concerned with protecting the brand, customer data and customer privacy. Another third (33%) felt that metrics help them measure whether they are following IT security best practices. Still others are driven primarily by PCI (15%) or other compliance needs (8%). For a few companies (6%), the primary motivation for using security metrics was the cost associated with recovering from a breach. Which best describes the primary driver behind the use of security metrics in your organization? Protecting the brand, customer data, and customer privacy 38% Security best practices 33% PCI compliance 15% Regulatory compliance other than PCI 9% Cost of recovering from a breach 6% 0% 5% 10% 15% 20% 25% 30% 35% 40% Manual collection still common An ongoing challenge with many security assurance measurement programs is the level of effort required to collect technical control data and then calculate relevant security metrics. Survey respondents reported that manual methods for collecting metrics are still common. Only 8% reported that their security metric collection efforts are fully automated, a small minority compared to the 92% that report at least some of the metric collation activities are still manual. Most worrisome, for almost Trends in Security Metrics and Security Assurance Measurement Report 6

7 half (45%) of survey respondents, was that manual collection activities are not a rare exception but the rule, with at least half of their metric collection performed manually. The benefits of automating metric collection are well established, so this is a clear area of potential improvement for IT security teams. How does your team collect security metrics for reporting purposes? Fully automated 8% 47% 29% 14% 2% Mostly automated, but some manual Even mix of automated and manual Mostly manual, but some automated Fully manual 0% 20% 40% 60% 80% 100% Security Metrics and Business Alignment A second area of investigation for this research survey was to discover how IT security teams use security metrics with business stakeholders to demonstrate business alignment and to communicate the value IT security programs deliver to the business. Consistent use of security metrics dramatically impacts business stakeholder opinions An increase in focus on IT security is normally accompanied by an increase in visibility to business stakeholders within the organization, but the attention received is not always positive. There exists an even split between companies that view their IT security team as a strategic partner to the business, and those that don t. In your organization, do business stakeholders view the information security team as a strategic partner? I don t know 16% Yes 42% No 42% Drilling down further into the data to compare use of security metrics with perceptions of the business team resulted in some additional interesting findings. There is a clear correlation between use of security metrics and being viewed as a strategic partner by the business. Among security teams that consistently collect and report on security metrics, almost 6 in 10 (59%) are viewed as a strategic partner by their business stakeholders. That number drops to just over 1 in 10 (12%) for teams that don t collect security metrics Trends in Security Metrics and Security Assurance Measurement Report

8 Reporting was not enough to gain the trust of business stakeholders. Consistency in reporting also appeared to be a key factor impacting perceptions. Only about a third (32%) of security teams that are inconsistent in their reporting were able to report that they are viewed as a strategic partner. "Yes" - Business stakeholders view information security as a strategic partner 70% 60% 50% 40% 30% 20% 10% 0% 59% Consistently collect and report on security metrics 32% Collect and report on security metrics inconsistently 12% Don't collect security metrics Lack of confidence in security investment value prevalent Many organizations are significantly ramping up their IT security investments, which typically increases the level of expectations for IT security teams to demonstrate that their programs are delivering value to the business. Unfortunately, less than a third of survey respondents (29%) were confident that the value received from their security spend over the past 24 months had delivered measurable benefits that justified the investment made (ROI). The most common situation for IT security teams was that while they recognized some benefits, they were not confident the value was worth the money spent (42%). Have the security dollars you spent in the past 24 months delivered measurable benefits that justified the investment made (ROI)? We received benefits that more than justified the investment 29% 42% 12% 2% 16% 0% 20% 40% 60% 80% 100% We received some benefits, but probably not enough to justify the investment We received some benefits, but clearly not enough to justify the investment We didn t receive any benefits from our investment Too hard to measure Clear business objectives result in higher security investment ROI It is extremely important for the business and IT security leaders to have discussions around the value of IT security program investments. Therefore, this research study was specifically designed to focus on the connection between security metrics and perceived value, with a particular focus on trying to quantify the relationship between security metrics, business objectives and the perceived value of IT security programs Trends in Security Metrics and Security Assurance Measurement Report 8

9 Most survey respondents reported that they do have business objectives they can map security metrics to (89%). However, only about a third (31%) said that their objectives were clear. Does your organization have clear business objectives that you can map security metrics to? Yes, the objectives are clear 31% 58% 11% We have some objectives, but they are not clear No, we don t have objectives 0% 20% 40% 60% 80% 100% This study also showed that clarity in business objectives plays a crucial role for IT security teams in terms of their ability to report that their IT security investments resulted in measureable value. At companies where security teams reported they have clear business objectives, more than half (52%) reported that their security investments have paid off, nearly twice what teams without clear objectives reported. The survey also highlighted the importance of clarity. Merely having objectives was not impactful. Business objectives must not simply exist, they must also be clear. For security teams given business objectives that lacked clarity, only 22% reported receiving ROI, a very similar ROI result to those teams who reported they have no objectives at all (18%). "We received benefits that more than justified the investment" 60% 50% 52% 40% 30% 20% 22% 18% 10% 0% Yes, the objectives are clear We have some objectives, but they are not clear No, we don t have objectives Security Metrics in Business and Board-Level Communications The final area of investigation for this research was on how IT security teams were using security metrics in communications outside of their immediate IT organization. In particular, questions focused on how IT security teams use security metrics to support communications with business executives and their board. Security metrics reporting common within IT, but not outside of IT With security metrics reporting, once again survey results showed a wide range of behaviors. While the vast majority (95%) of IT security teams do report their security metrics, far too often this information has a tendency to stay within the IT team. Less than half of survey respondents (43%) reported security metrics outside of the IT team. Less than a quarter share their security metrics with business executives (23%), and an even smaller number share their metrics with their board of directors (18%) or with shareholders (only 2%) Trends in Security Metrics and Security Assurance Measurement Report

10 Even more interesting, security metrics reporting often does not reach C-level executives within the IT organization itself. Only 24% of survey respondents reported that their security metrics are seen by the organization s CIO or CISO. For many others, the highest level of security metrics are reported is to a VP within the IT team (11%), to a director on the IT team (10%), or to a manager (4%). What is the highest level that security program effectiveness data gets reported up to within your organization? To shareholders 2% To the board of directors 18% To the business executive level To the CIO or CISO level 23% 24% To the IT VP level 11% To the IT director level 10% To the IT manager level 4% To the security team 3% Security information does not get reported up within the organization 5% 0% 5% 10% 15% 20% 25% 30% This is an important insight because, as discussed earlier in this report, consistent use of security metrics dramatically impacts business stakeholder opinions. Therefore, IT security teams who want to be viewed by business stakeholders as a strategic partner should strongly consider sharing security metrics outside of the IT/IT security teams with line-of-business managers (if they are not already doing so) as a way to improve business stakeholder opinions regarding the value that the IT security team delivers to the organization. Top IT staff responsible for updating the board For 20% of companies that share security metrics with their board or shareholders, updating the board is the job of top IT staff. Typically, reporting to the board is the job of the CIO or other top IT executive (39%). However, this responsibility may also be performed by the CISO or other top security executive (27%). Only 3% said that responsibility for board-level communications about IT security program effectiveness is done by a non-it executive (such as a COO or CFO). Who is responsible for updating your organization s board on security program effectiveness? CIO or other top IT executive 39% CISO or other top security executive 27% VP-level IT executive Director of IT Security or other senior IT security staff member (non-executive) 14% 17% Non-IT executive (i.e. COO, CFO) 3% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% n = report security effectiveness to board and/or shareholders Trends in Security Metrics and Security Assurance Measurement Report 10

11 Boards updated on security multiple times per year When boards do receive updates on IT security programs, these updates are typically performed on a regular cadence. Almost a third (31%) update their boards monthly, while another third (33%) update their boards quarterly. Only a small number of survey respondents (3%) reported that they update their boards only upon request. How frequently does your board receive updates on your organization s security program? 35% 30% 25% 20% 15% 10% 5% 0% 31% 33% 17% 16% Monthly Quarterly Twice a year Annually Less regularly than annually 0% 3% Only upon request n = report security effectiveness to board and/or shareholders Board updates not driven by breaches A final area of exploration for the survey was the degree to which board updates were driven by breaches. Interestingly, while major breaches and legal issues often make popular news stories, breach-related issues do not typically drive organizations to update their boards on the effectiveness of their security programs. Only 8% of survey respondents reported that a security incident such as a breach or data privacy issues was a driver behind the requirement to report security metrics to the board. Instead, board updates seem to be driven more by requirements to update the board on standard business operations, with the focus of these updates split evenly between the following areas: External motivations, including outside regulations compliance requirements, audit committee requirements, or external advisors (45%) Internal motivations, including proactive program growth, business alignment, or best practices (47%) What is driving the requirement to report security metrics to your Board? Incident motivation 8% External motivation 45% Internal motivation 47% n = report security effectiveness to board and/or shareholders Trends in Security Metrics and Security Assurance Measurement Report

12 Defining success, identifying risks, and figuring out the right metrics for measuring security programs is a huge challenge. How do you measure the effectiveness of your current security programs? Can you communicate and demonstrate the effectiveness of your security programs to executives? Do business executives in your organization and the governing board understand how and why investments are being made? CISOs and other IT security leaders must be able to measure security program effectiveness, identify gaps and take decisive action to secure their organization. They also must be able to obtain board-level buy-in in order to obtain funding for new programs designed to enhance and optimize the organization s defenses and improve overall security. However, no two organizations are alike. To effectively measure security assurance within an organization, it is necessary to understand the business needs of the organization, define and map security requirements based on the business needs, collect relevant security metrics, and measure the outcome for success or necessary changes. If done well, the right security metrics communicated effectively to the right levels within the organization will help each organization understand security risks and exposures, better assure organizational security and compliance, and drive action across the organization. Failure to effectively collect security metrics and measure security assurance will undermine IT security credibility and perceived value. There s no question that security metric collection and security assurance measurement play an important role in assessing the effectiveness of IT security programs. When leveraged effectively, security metrics can be used to improve decision making, to increase visibility, to establish security baselines and identify deviations from baseline, and to demonstrate the value of the IT security department. Based on the findings of the 2017 Trends in Security Metrics and Security Assurance Measurement Report, what can both security professionals and organizations do to improve security assurance measurement and their use of security metrics? Here are some suggestions to get started: 1. If you aren t currently measuring security assurance, it s time to start. The majority of organizations today (92%) are using security metrics to measure security assurance for their organization. If you are one of the few who are not Tenable Recommendations currently using security metrics to measure security assurance, remember the old adage, What gets measured gets improved. The primary focus of an IT security professional should be on continuously assessing and improving the IT security controls in order to protect their company from security risks. Security metrics play a foundational role in security assurance assessment, measurement, and continuous improvement. Make sure you know what metrics are currently being used to measure security assurance in your organization, and if you aren t currently measuring security assurance, start putting a plan together to start. 2. Establish and maintain a regular reporting cadence. Although the majority of IT security teams collect metrics, less than half (43%) regularly report on their collected metrics. This means that the security metrics many teams are collecting are languishing. They are not being used to drive improvements in IT security programs, to measure security program effectiveness, or to demonstrate the value of the IT security team to business executives or the board. It is important to ensure the insights that the security metrics you are collecting are leveraged appropriately throughout your organization. IT security practitioners, as well as business executives and the board, need this visibility and context in order to take action to improve existing security programs, as well as to justify funding new programs to better protect the business. 3. Recognize that using security metrics for compliance measurement should be a basic starting point, not the final destination. According to survey respondents, security metrics are most commonly used for demonstrating compliance. However, for most modern IT organizations, effective compliance reporting should be table stakes. Effective security assurance measurement means moving beyond basic compliance reporting, and focusing on more strategic areas such as ensuring the organization is following security best practices, reporting on IT security program strengths and weaknesses, and demonstrating alignment with business goals and objectives. 4. Realize that sometimes less really is more. 73% of survey respondents reported that they used anywhere from six to more than 100 security metrics to measure the effectiveness of their IT security program.

13 However, most IT security leaders have found that focusing on just 4-5 core security metrics specific to the organization s business goals and objectives for protecting the organization from risk is the most effective approach. 5. Know the critical business drivers for security assurance measurement in your organization. What are the key drivers for security assurance measurement in your organization? Are you trying to demonstrate compliance? Adherence to security best practices? Calculate ROI for security program investments? For many organizations, the primary drivers behind the collection of security metrics are compliance, capability measurement, and justifying investments. Whatever those primary drivers are, it s important that you be able to clearly identify and articulate them. 6. Automate security metric collection. Surprisingly, more than half of all metric collection is still being done using manual efforts. If you are still doing fully manual, mostly manual, or an even mix of automated and manual security metric collection, put a project plan in place to examine how you can mostly automate or even fully automate your collection. Automating collection will free up cycles so you have more time to spend analyzing security metrics and identifying opportunities to improve security program effectiveness, rather than inefficiently trudging through manual data collection. 7. Use security metrics to help ensure business stakeholders view your IT security team as a strategic partner. As described earlier in this report, there is a fairly even split between companies that view their security teams as strategic partners to the business and those that don t. If the IT security team within your organization is viewed more as a roadblock than business enabler or strategic partner, security metrics and security assurance measurement can play a key role in helping your team learn to speak the language of business. You can also use security metrics to help you begin developing the relationships you need with line-of-business managers and ensure your IT security team is viewed as a strategic partner by the business instead of being viewed as a cost center or the department of No. As survey findings illustrated, there is a clear correlation between the use of security metrics and being viewed as a strategic partner by the business. 8. Focus on identifying and articulating - in metricsoriented language - the value security program investments deliver to the business. It s important to be able to discuss the benefits to the business that different security programs provide. However, articulating this in IT security technology geek speak that doesn t resonate with business leaders, or failing to show hard metrics that support your statements, will lead to failure. Be prepared to clearly and concisely articulate the value of your security programs in metrics-oriented business terms, and make sure you have the data you need to back up your assertions. 9. Ensure you have clear business objectives. If you don t currently know what your organization s business objectives are, ask for them and ensure they are documented. If none exist, work with your management team and other business leaders in the organization to get them defined, and ensure they are clear. As this research showed, organizations that had clear business objectives were nearly twice as likely to be able to report that their security investments had paid off when compared to organizations with unclear objectives or no objectives. 10. Ensure you have the security metrics you need for regular board updates. Although the research survey found that today only 18% of companies share security metrics with their boards, this percentage will likely continue to rise due to an increasing awareness by boards regarding the importance of assessing the effectiveness of their IT security controls and programs as a component of their overall enterprise risk management program. If you don t have business executive and board-ready metrics today, start putting a plan in place to identify what business executive and board-ready security metrics you need, where the underlying data that supports these metrics resides, and how your process works easy and automated or manual and difficult to collect these metrics. Keep in mind that these board updates are often driven more by requirements to update the board on standard business operations and deviations, with an emphasis on assessing existing program effectiveness, and identifying current and future risks.

14 Survey Methodology and Participant Demographics In early 2017, IT security professionals were invited to participate in an online survey on the topic of the security of their data and systems. Participants were asked a series of questions about their security programs, with a focus on IT security metric collection and usage. A total of 315 qualified participants completed the survey. All participants were IT security professionals at companies with more than 100 employees. A wide range of job levels, company sizes, and vertical industries were represented. About Dimensional Research Dimensional Research provides practical market research to help technology companies make their customers more successful. Our researchers are experts in the people, processes, and technology of corporate IT and understand how corporate IT organizations operate. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. For more information, visit dimensionalresearch.com. About Tenable Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable customers range from Fortune Global 500 companies, to the global public sector, to mid-sized enterprises in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com. 2017, Dimensional Research. All rights reserved.

OPTIMIZATION MAXIMIZING TELECOM AND NETWORK. The current state of enterprise optimization, best practices and considerations for improvement

OPTIMIZATION MAXIMIZING TELECOM AND NETWORK. The current state of enterprise optimization, best practices and considerations for improvement MAXIMIZING TELECOM AND NETWORK OPTIMIZATION The current state of enterprise optimization, best practices and considerations for improvement AOTMP.com The Next Evolution of Telecom Management OVERVIEW As

More information

Implementing ITIL v3 Service Lifecycle

Implementing ITIL v3 Service Lifecycle Implementing ITIL v3 Lifecycle WHITE PAPER introduction GSS INFOTECH IT services have become an integral means for conducting business for all sizes of businesses, private and public organizations, educational

More information

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: October Sponsored by Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information is easily transported outside of managed environments,

More information

State of Cloud Survey GERMANY FINDINGS

State of Cloud Survey GERMANY FINDINGS 2011 State of Cloud Survey GERMANY FINDINGS CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Cloud security is top goal and top concern.................................. 8 Finding 2: IT staff

More information

PVS Subscription Registration Process

PVS Subscription Registration Process PVS Subscription Registration Process Create Your Tenable Support Portal Account 1. Click on the provided link to create your account. If the link does not work, please cut and paste the entire URL into

More information

Nessus Manager Registration Process

Nessus Manager Registration Process Nessus Manager Registration Process These instructions are provided to help managers of Nessus Manager to get started in using the software. You will need to retrieve the Activation Code from your Tenable

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

2 The IBM Data Governance Unified Process

2 The IBM Data Governance Unified Process 2 The IBM Data Governance Unified Process The benefits of a commitment to a comprehensive enterprise Data Governance initiative are many and varied, and so are the challenges to achieving strong Data Governance.

More information

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services Solution Overview Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services OPTIMIZE YOUR CLOUD SERVICES TO DRIVE BETTER BUSINESS OUTCOMES Reduce Cloud Business Risks and Costs

More information

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: June 2013 Sponsored by Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information can be easily transported and lost, while the

More information

Modern Database Architectures Demand Modern Data Security Measures

Modern Database Architectures Demand Modern Data Security Measures Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing

More information

How to Transition from Nessus to SecurityCenter Reports

How to Transition from Nessus to SecurityCenter Reports HOW-TO GUIDE How to Transition from Nessus to SecurityCenter Reports Using SecurityCenter for continuous network monitoring and vulnerability assessment will give you a greatly expanded set of features

More information

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner MOBILE SECURITY 2017 SPOTLIGHT REPORT Group Partner Information Security PRESENTED BY OVERVIEW Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use

More information

THE POWER OF TECH-SAVVY BOARDS:

THE POWER OF TECH-SAVVY BOARDS: THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES

More information

Healthcare Information and Management Systems Society HIMSS. U.S. Healthcare Industry Quarterly HIPAA Compliance Survey Results: Summer 2002

Healthcare Information and Management Systems Society HIMSS. U.S. Healthcare Industry Quarterly HIPAA Compliance Survey Results: Summer 2002 Healthcare Information and Management Systems Society HIMSS U.S. Healthcare Industry Quarterly HIPAA Compliance Survey Results: Summer 2002 HIMSS / Phoenix Health Systems Healthcare Industry Quarterly

More information

Building a Threat Intelligence Program

Building a Threat Intelligence Program WHITE PAPER Building a Threat Intelligence Program Research findings on best practices and impact www. Building a Threat Intelligence Program 2 Methodology FIELD DATES: March 30th - April 4th 2018 351

More information

How to Add, Deactivate, or Edit a Contact

How to Add, Deactivate, or Edit a Contact How to Add, Deactivate, or Edit a Contact Add Contact (Add account option only available to the Primary Contact for the account) 1. Log in to the Tenable Support Portal with authorized credentials: https://support.tenable.com/

More information

How to Register for Training

How to Register for Training How to Register for Training We have created a Training Console to help you manage your Tenable training from the Tenable Support Portal. You will be able to enroll in On Demand Training Course(s) or Certification

More information

Why Enterprises Need to Optimize Their Data Centers

Why Enterprises Need to Optimize Their Data Centers White Paper Why Enterprises Need to Optimize Their Data Centers Introduction IT executives have always faced challenges when it comes to delivering the IT services needed to support changing business goals

More information

TESTING TRENDS IN 2016: A SURVEY OF SOFTWARE PROFESSIONALS

TESTING TRENDS IN 2016: A SURVEY OF SOFTWARE PROFESSIONALS WHITE PAPER TESTING TRENDS IN 2016: A SURVEY OF SOFTWARE PROFESSIONALS Today s online environments have created a dramatic new set of challenges for software professionals responsible for the quality of

More information

The data quality trends report

The data quality trends report Report The 2015 email data quality trends report How organizations today are managing and using email Table of contents: Summary...1 Research methodology...1 Key findings...2 Email collection and database

More information

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY Perspectives from U.S. and ese IT Professionals Executive Summary The use of artificial intelligence (AI) and machine learning (ML) in cybersecurity

More information

THALES DATA THREAT REPORT

THALES DATA THREAT REPORT 2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the

More information

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. Is putting Contact us INTRODUCTION You know the headaches of managing an infrastructure that is stretched to its limit. Too little staff. Too many users. Not

More information

THE STATE OF IT TRANSFORMATION FOR RETAIL

THE STATE OF IT TRANSFORMATION FOR RETAIL THE STATE OF IT TRANSFORMATION FOR RETAIL An Analysis by Dell EMC and VMware Dell EMC and VMware are helping IT groups at retail organizations transform to business-focused service providers. The State

More information

The State of Data Center Health Management Strategy 2017

The State of Data Center Health Management Strategy 2017 Strategic Alliance Partner Health Management Strategy The State of Data Center Health Management Strategy 2017 Fall 2017 Introduction Data has become one of the most valuable assets for 21st century businesses.

More information

THE STATE OF CLOUD & DATA PROTECTION 2018

THE STATE OF CLOUD & DATA PROTECTION 2018 THE STATE OF CLOUD & DATA PROTECTION 2018 Survey Results: 10 Findings on how over 800 IT Pros handle Disaster Recovery & Cloud Adoption. INTRODUCTION The Unitrends 2018 annual survey of IT professionals

More information

Mid-Market Data Center Purchasing Drivers, Priorities and Barriers

Mid-Market Data Center Purchasing Drivers, Priorities and Barriers Mid-Market Data Center Purchasing Drivers, Priorities and Barriers Featuring Sophia Vargas, Forrester Research Inc. 30 May 2014 Introducing today s presenters: Matt Miszewski Senior Vice President of Sales

More information

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec

More information

How-to Guide: Tenable.io for Lieberman. Last Revised: August 14, 2018

How-to Guide: Tenable.io for Lieberman. Last Revised: August 14, 2018 How-to Guide: Tenable.io for Lieberman RED Last Revised: August 14, 2018 Table of Contents Introduction 3 Integrations 4 Windows Integration 5 SSH Integration 11 Database Integration 17 Additional Information

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

Symantec Data Center Transformation

Symantec Data Center Transformation Symantec Data Center Transformation A holistic framework for IT evolution As enterprises become increasingly dependent on information technology, the complexity, cost, and performance of IT environments

More information

To Audit Your IAM Program

To Audit Your IAM Program Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.

More information

How-to Guide: Tenable Nessus for BeyondTrust. Last Revised: November 13, 2018

How-to Guide: Tenable Nessus for BeyondTrust. Last Revised: November 13, 2018 How-to Guide: Tenable Nessus for BeyondTrust Last Revised: November 13, 2018 Table of Contents Welcome to Nessus for BeyondTrust 3 Integrations 4 Windows Integration 5 SSH Integration 10 API Configuration

More information

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface ORGANIZATION SNAPSHOT The level of visibility Tenable.io provides is phenomenal, something we just

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

Tenable.io for Thycotic

Tenable.io for Thycotic How-To Guide Tenable.io for Thycotic Introduction This document describes how to deploy Tenable.io for integration with Thycotic Secret Server. Please email any comments and suggestions to support@tenable.com.

More information

SOLUTION BRIEF Virtual CISO

SOLUTION BRIEF Virtual CISO SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten

More information

CYBERSECURITY AND THE MIDDLE MARKET

CYBERSECURITY AND THE MIDDLE MARKET CYBERSECURITY AND THE MIDDLE MARKET The Importance of Cybersecurity and How Middle Market Companies Manage Cyber Risks IN COLLABORATION WITH 2 Concerns about cybersecurity are not matched by plans. IMPORTANCE

More information

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium Discussion on: Evaluating Cybersecurity Coverage A Maturity Model Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium By: Eric C. Lovell PricewaterhouseCoopers LLP ( PwC ) March 24,

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance

More information

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Transforming Security from Defense in Depth to Comprehensive Security Assurance Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new

More information

THE CYBERSECURITY LITERACY CONFIDENCE GAP

THE CYBERSECURITY LITERACY CONFIDENCE GAP CONFIDENCE: SECURED WHITE PAPER THE CYBERSECURITY LITERACY CONFIDENCE GAP ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE Despite the fact that most organizations are more aware of cybersecurity risks

More information

Digital Analytics & Data Governance REPORT

Digital Analytics & Data Governance REPORT 2018 Digital Analytics & Data Governance REPORT INTRODUCTION In this digital era, data analysis and governance should be a top priority fixed at the forefront of the data-driven professional s mind. But

More information

` 2017 CloudEndure 1

` 2017 CloudEndure 1 ` 2017 CloudEndure 1 Table of Contents Executive Summary... 3 Production Machines in the Organization... 4 Production Machines Using Disaster Recovery... 5 Workloads Primarily Covered by Disaster Recovery...

More information

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN Improving Data Governance in Your Organization Faire Co Regional Manger, Information Management Software, ASEAN Topics The Innovation Imperative and Innovating with Information What Is Data Governance?

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives

IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives June 2018 1 Executive Summary This research finds that large enterprise customers and employees endure a substantial

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

Tenable for McAfee epolicy Orchestrator

Tenable for McAfee epolicy Orchestrator HOW-TO GUIDE Tenable for McAfee epolicy Orchestrator Introduction This document describes how to deploy Tenable SecurityCenter for integration with McAfee epolicy Orchestrator (epo). Please email any comments

More information

CICS insights from IT professionals revealed

CICS insights from IT professionals revealed CICS insights from IT professionals revealed A CICS survey analysis report from: IBM, CICS, and z/os are registered trademarks of International Business Machines Corporation in the United States, other

More information

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk Assure the board your company won t be the next data breach Introduction A solid vulnerability management program is critical

More information

Cybersecurity and the Board of Directors

Cybersecurity and the Board of Directors Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education

More information

Uncovering the Risk of SAP Cyber Breaches

Uncovering the Risk of SAP Cyber Breaches Uncovering the Risk of SAP Cyber Breaches Research sponsored by Onapsis Independently Conducted by Ponemon Institute LLC February 2016 1 Part 1. Introduction Uncovering the Risks of SAP Cyber Breaches

More information

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM 2014 SIEM Efficiency Report Hunting out IT changes with SIEM 74% OF USERS ADMITTED THAT DEPLOYING A SIEM SOLUTION DIDN T PREVENT SECURITY BREACHES FROM HAPPENING Contents Introduction 4 Survey Highlights

More information

BRING EXPERT TRAINING TO YOUR WORKPLACE.

BRING EXPERT TRAINING TO YOUR WORKPLACE. BRING EXPERT TRAINING TO YOUR WORKPLACE. ISACA s globally respected training and certification programs inspire confidence that enables innovation in the workplace. ISACA s On-Site Training brings a unique

More information

Optimisation drives digital transformation

Optimisation drives digital transformation January 2017 Executive summary Forward-thinking business leaders are challenging their organisations to achieve transformation by harnessing digital technologies with organisational, operational, and business

More information

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture February 2019 Challenging State of Vulnerability Management Today: Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture In the last two years, businesses and governments have seen data breaches

More information

Use Case Study: Reducing Patient No-Shows. Geisinger Health System Central and Northeastern Pennsylvania

Use Case Study: Reducing Patient No-Shows. Geisinger Health System Central and Northeastern Pennsylvania Use Case Study: Reducing Patient No-Shows Geisinger Health System Central and Northeastern Pennsylvania February 2014 Geisinger is a leading integrated health services organization widely recognized for

More information

Evolution of IT in the Finance Industry. Europe

Evolution of IT in the Finance Industry. Europe 2011 Evolution of IT in the Finance Industry Europe CONTENTS Evolution of IT in the Finance Industry... 4 Methodology... 6 Focus... 8 Finding 1: Finance Industry Has Mature View on IT Trends...10 Finding

More information

Survey Results: Virtual Insecurity

Survey Results: Virtual Insecurity Best Practices SURVEY Survey Results: Virtual Insecurity May 2013 Executive Summary: Virtual Assets Could Bring Real Risk Virtualization technologies have reshaped how IT offers and delivers their services

More information

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation IBM X-Force 2012 & CISO Survey Cyber Security Threat Landscape 1 2012 IBM Corporation IBM X-Force 2011 Trend and Risk Report Highlights The mission of the IBM X-Force research and development team is to:

More information

2016 Survey: A Pulse on Mobility in Healthcare

2016 Survey: A Pulse on Mobility in Healthcare 2016 Survey: A Pulse on Mobility in Healthcare Introduction Mobile Trends in Healthcare Mobility in Healthcare Top Motivation for Implementing a Mobile Solution Impact of Mobility on Patient Experience

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

June 2017 intel.com schneider-electric.com

June 2017 intel.com schneider-electric.com DCIM Solution Deployment June 2017 intel.com schneider-electric.com DCIM Solution Deployment Introduction Current state of data center management Do you currently have a solution deployed? 20% 80% The

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

2013 Cloud Computing Outlook: Private Cloud Expected to Grow at Twice the Rate of Public Cloud

2013 Cloud Computing Outlook: Private Cloud Expected to Grow at Twice the Rate of Public Cloud Private Cloud Expected to Grow at Twice the Rate of Public Cloud In This Paper Security, privacy concerns about the cloud remain SaaS is the most popular cloud service model in use today Microsoft, Google

More information

A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS

A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS Introduction If you re a growing service organization, whether a technology provider, financial services corporation, healthcare company, or professional

More information

Now on Now: How ServiceNow has transformed its own GRC processes

Now on Now: How ServiceNow has transformed its own GRC processes Now on Now: How ServiceNow has transformed its own GRC processes Increasing scalability, lowering risk, and slashing costs by $30,000 START 1 Introduction When your business is growing at 0% a year, it

More information

Security in a Converging IT/OT World

Security in a Converging IT/OT World Security in a Converging IT/OT World Introduction Around the winter solstice, darkness comes early to the citizens of Ukraine. On December 23, 2015, it came a little earlier than normal. In mid-afternoon,

More information

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE 2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE February 2014 Sponsored by: 2014 Network Security & Cyber Risk Management:

More information

Driving Global Resilience

Driving Global Resilience Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute

More information

2017 RIMS CYBER SURVEY

2017 RIMS CYBER SURVEY 2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the

More information

Tenable for McAfee epolicy Orchestrator

Tenable for McAfee epolicy Orchestrator How-To Guide Tenable for McAfee epolicy Orchestrator Introduction This document describes how to deploy Tenable SecurityCenter for integration with McAfee epolicy Orchestrator (epo). Please email any comments

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report. 2019 SIEM REPORT INTRODUCTION Security Information and Event Management (SIEM) is a powerful technology that allows security operations teams to collect, correlate and analyze log data from a variety of

More information

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.

More information

Enhancing Security With SQL Server How to balance the risks and rewards of using big data

Enhancing Security With SQL Server How to balance the risks and rewards of using big data Enhancing Security With SQL Server 2016 How to balance the risks and rewards of using big data Data s security demands and business opportunities With big data comes both great reward and risk. Every company

More information

TESTING TRENDS FOR 2018

TESTING TRENDS FOR 2018 February Sponsored by Dimensional Research February Introduction In the early days of software when an application ran on one platform and one type of machine with few variables, testing was a relatively

More information

Skybox Security Vulnerability Management Survey 2012

Skybox Security Vulnerability Management Survey 2012 Skybox Security Vulnerability Management Survey 2012 Notice: This document contains a summary of the responses to a June 2012 survey of 100 medium to large enterprise organizations about their Vulnerability

More information

ACHIEVING FIFTH GENERATION CYBER SECURITY

ACHIEVING FIFTH GENERATION CYBER SECURITY ACHIEVING FIFTH GENERATION CYBER SECURITY A Survey Research Report of IT and Security Professionals MARCH 2018 INTRODUCTION The pursuit of the highest level of cyber security is a top priority for IT and

More information

Sustainable Security Operations

Sustainable Security Operations Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,

More information

The power management skills gap

The power management skills gap The power management skills gap Do you have the knowledge and expertise to keep energy flowing around your datacentre environment? A recent survey by Freeform Dynamics of 320 senior data centre professionals

More information

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing

More information

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT 2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT THYCOTIC 2018 GLOBAL CHANNEL PARTNER SURVEY Channel Partner survey highlights client cybersecurity concerns and opportunities for

More information

2010 Web Analytics Progress and Plans in BtoB Organizations: Survey Report

2010 Web Analytics Progress and Plans in BtoB Organizations: Survey Report 2010 Web Analytics Progress and Plans in BtoB Organizations: Survey Report page 1 Web Analytics Association 2010 Web Analytics Progress and Plans in BtoB Organizations: Survey Report Prepared by the Web

More information

SDN HAS ARRIVED, BUT NEEDS COMPLEMENTARY MANAGEMENT TOOLS

SDN HAS ARRIVED, BUT NEEDS COMPLEMENTARY MANAGEMENT TOOLS January 2018 Sponsored by Introduction 302 network professionals and IT strategists completed a global survey on Software Defined Networks (SDNs) to gather hard data on SDN adoption and operational challenges.

More information

Moving Workloads to the Public Cloud? Don t Forget About Security.

Moving Workloads to the Public Cloud? Don t Forget About Security. Whitepaper Moving Workloads to the Public Cloud? Don t Forget About Security. Key considerations for developing a cloud-ready cybersecurity strategy Introduction For many organizations today, it s not

More information

2015 Shopping Cart Abandonment Research Study

2015 Shopping Cart Abandonment Research Study RESEARCH STUDY 2015 Shopping Cart Abandonment Research Study Beginning in 2011, Listrak has conducted an annual shopping cart abandonment (SCA) study on the retailers in the current Internet Retailer Guide¹

More information

Embedding Privacy by Design

Embedding Privacy by Design Embedding Privacy by Design Metric Stream Customer Conference May 12, 2015 TRUSTe Data Privacy Management Solutions 1 Today s Agenda Privacy in the Context of GRC Data Privacy Management and Top Privacy

More information

TESTING TRENDS IN 2015: A SURVEY OF SOFTWARE PROFESSIONALS

TESTING TRENDS IN 2015: A SURVEY OF SOFTWARE PROFESSIONALS WHITE PAPER TESTING TRENDS IN 2015: A SURVEY OF SOFTWARE PROFESSIONALS Today s online environments have created a dramatic new set of challenges for the software professionals responsible for the quality

More information

Demystifying GRC. Abstract

Demystifying GRC. Abstract White Paper Demystifying GRC Abstract Executives globally are highly focused on initiatives around Governance, Risk and Compliance (GRC), to improve upon risk management and regulatory compliances. Over

More information

A Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services

A Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services A Working Paper of the EastWest Institute Breakthrough Group Increasing the Global Availability and Use of Secure ICT Products and Services August 5, 2015 The EastWest Institute (EWI) is leading a Global

More information

Spotlight Report. Information Security. Presented by. Group Partner

Spotlight Report. Information Security. Presented by. Group Partner Cloud SecuriTY Spotlight Report Group Partner Information Security Presented by OVERVIEW Key FINDINGS Public cloud apps like Office 365 and Salesforce have become a dominant, driving force for change in

More information

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats SELLING YOUR ORGANIZATION ON APPLICATION SECURITY Navigating a new era of cyberthreats Selling Your Organization on Application Security 01 It's no secret that cyberattacks place organizations large and

More information

a publication of the health care compliance association MARCH 2018

a publication of the health care compliance association MARCH 2018 hcca-info.org Compliance TODAY a publication of the health care compliance association MARCH 2018 On improv and improving communication an interview with Alan Alda This article, published in Compliance

More information

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers AUSTRALIA Building Digital Trust with Australian Healthcare Consumers Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust 2 Consumers in Australia trust healthcare organisations

More information

A Global Look at IT Audit Best Practices

A Global Look at IT Audit Best Practices A Global Look at IT Audit Best Practices 2015 IT Audit Benchmarking Survey March 2015 Speakers Kevin McCreary is a Senior Manager in Protiviti s IT Risk practice. He has extensive IT audit and regulatory

More information