Proven Recipes for Better Security Outcomes


If experience is the best teacher, then the votes are in: organizations using CobiT and COSO to guide information security and IT audit practices are the winners.
Based on results from the latest benchmark, what’s being used for practice guidance strongly influences outcomes. The results include:

– Managing the integrity of information: CobiT and COSO by 30x
– Information security practices: CobiT and COSO by 23x
– Managing compliance with audit: CobiT and COSO by 16x
– Managing information security policies: unacceptable risks by 4x
– Managing business risks from IT: COSO and CobiT by 17x

Practice guidance among the 1 in 10 organizations with the best outcomes – least loss or theft of sensitive data, highest IT service levels, and fewest problems with regulatory audit – is dominated by the use of CobiT and COSO. Thirty times more of these organizations use CobiT and COSO for managing the integrity of information, while 23 times more rely on these two forms of guidance for information security practices and procedures. These organizations also employ PCI (even when not subject to PCI audits), ISO, NIST and internal standards at far higher levels than all other organizations.
In contrast, 7 in 10 organizations rely on legal guidance for security policies and SCAP and CVE to manage the integrity of information. The worst outcomes are being experienced by organizations with little-to-no guidance for their information security and IT audit practices.

Obtain the freely available benchmark report to compare your practices against the best performers today:

Guidance for Best Practices in Information Security and IT Audit

Additional information sources:
IT Policy Compliance Group report:
CobiT and COSO:

