News Archive

IT Survey

by msecadm4921

Regulatory compliance will be the top business issue affecting enterprise information technology (IT) in the next 12 to 18 months. That is according to a new ISACA member survey of more than 2,400 IT, security, and audit and assurance managers from 126 countries.

Conducted by ISACA, a global association serving 95,000 IT governance, assurance and security people, the survey found that the business issues that traditionally challenge ISACA members—such as compliance, governance and information security management—continue to dominate the list, but the increase in regulations, data breaches and new technologies such as cloud computing and the rise of personal technology in the workplace are accelerating complexity and risk. The findings are available in Top Business/Technology Issues Survey Results 2011, offered as a free download – at

“This year’s survey shows more clearly than ever that information technology cannot be managed in a vacuum. From the growing number of government regulations to consumer privacy concerns to hacktivist attacks, enterprise IT assets are being challenged in ways that go far beyond the server room,” said Tony Noble, CISA, a member of ISACA’s Guidance and Practices Committee and vice president of IT audit at Viacom Inc. “The study also reveals a marked perception that the business side of the organization believes IT is managed in a silo, which indicates an opportunity for better aligning business with IT to unlock greater value.”

Key business issues affecting IT, according to Top Business/Technology Issues Survey findings, along with their weighted scores, are:

· Regulatory compliance (Score: 4.6)
· Enterprise-based IT management and governance (Score: 4.4)
· Information security management (Score: 4.1)
· Disaster recovery/business continuity (Score: 3.1)
· Challenges of managing IT risks (Score: 2.5)
· Vulnerability management (Score: 2.1)
· Continuous process improvement and business agility (Score: 2.0)

Survey data reveal four areas that just missed the top seven this year, but are expected to rise in importance in future member surveys: cloud computing, mobile device management, virtualisation and business intelligence.

Regulatory compliance

Enterprises are facing a need to manage growth in a challenging global economy while at the same time comply with a growing number of regulations and standards. New or changed regulations expected to impact enterprise IT in the next 12 to 18 months include Basel, Frank-Dodd, PII, Do Not Track, Solvency II and HITECH Meaningful Use, as well as an overall tightening of tax and privacy regulations worldwide. Within this topic, the top-ranked technology concern (chosen by 53 percent of respondents) was segregation of duties and privileged access monitoring.

Managing IT project risk

The survey shows that there is a growing focus on enterprise-based IT management and IT governance. This finding aligns with the IT Governance Institute’s global status report on GEIT, which showed that 95 percent of the C-level executives surveyed consider governance of enterprise IT important. According to the Top Business-Technology Issues survey, managing IT project risk tops the list of concerns within this area, rated as most important by 45 percent.

Growing number of breaches

After many well-publicized data breaches and losses and massive spending on security technologies, organisations are realizing that information security is about being able to manage information adequately. One of the top concerns expressed by ISACA members was the lack of senior management involvement in setting direction for information security, which was ranked as important or very important by a total of 80 percent of responses.

“Occurrences such as WikiLeaks, the Zeus botnet and an overall rise in identity theft show in 2010 that the variety and volume of threats is on the upswing. Security is everyone’s business, not just IT’s. This area will continue to be a losing battle if organizations don’t get top-down commitment,” said Greg Grocholski, CISA, director at ISACA and corporate auditor at The Dow Chemical Co.

Lack of awareness

From flooding to power outages to acts of terrorism and civil unrest, all business activity is at risk for disruption. Despite advances in software, continuity remains an elusive goal. According to the survey, the biggest problem (87 percent) is the lack of awareness among business managers that they are responsible for being able to maintain critical functions in the event of a disaster.

These business issues are among the topics that will be addressed at upcoming ISACA events. The North America Computer Audit, Control and Security (CACS) conference in Las Vegas, Nevada, USA, on 15-19 May 2011 will examine the human factors of IT and feature several sessions on advancements in social media, cloud computing and mobile devices. The World Congress in National Harbor, Maryland, USA, on 27-29 June 2011, covers the range of ISACA disciplines: IT audit, governance, compliance, security and risk management.

Follow ISACA on Twitter:

Related News

  • News Archive

    Latin Conference

    by msecadm4921

    SITREP-CSM 2006 is a three day conference aimed at corporate security chiefs of global or multinational operating business enterprises planning to invest or already active in Latin…

  • News Archive

    Road Risks

    by msecadm4921

    More than three-quarters of highway staff said they had suffered verbal abuse from drivers, and 40pc reported having objects thrown at them…

  • News Archive

    Retail Parking

    by msecadm4921

    Greg Lawrence, Group Loss Risk Manager for retailers Tesco, speaks on secure parking. From our October 2001 print edition. You can tell…


Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing