Protiviti recently published our annual IT Security and Privacy Survey which explores how over 700 IT leaders view their security and privacy policies, data governance, data retention and storage, data destruction policies, and third-party vendors and access.

[dvbox title=”Here are the key take-aways from the survey:” style=”light”]

  • Having an engaged board and a comprehensive set of security policies make a huge difference.
  • Most organizations need to enhance their data classification and management.
  • Security effectiveness hinges on policies as well as people.
  • Vendor risk management must mature.

[/dvbox]

I feel that there are two areas that are most critical coming out of the study.  First, board engagement is clearly critical to success, but it relies on board members to have an adequate understanding of how technology is used within the organization and the risks that poses to the firm.  Secondly, vendor risk management is increasingly become important across the enterprise (and not just in information security).  Organizations clearly need to implement programs (1) to know what vendors are working for the organization and (2) the extent to which they have access to the organization’s IT environments.

Learn more at Protiviti.com/itsecuritysurvey.   Do the results of this survey align with your experience?