What Color is Your Infosec and Audit Program?


Does your organization operate in the red when it comes to information security and audit?  Or are you like 7-in-10 others operating in the yellow.  Might you be one of the top 10 operating in the green?

Size and industry do not matter when it comes to better protecting customer data, delivering higher levels of IT service, or passing regulatory audits. Larger organizations with more capabilities, more resources and more talent fare no better at protecting customer data than do small businesses with fewer resources and less capital. And, firms in more highly regulated industries are having, on average, the same level of difficulty passing regulatory audits as organizations in less regulated industries.

Neither size nor industry play an important role in driving better service levels for IT.

What matters?
Simply put: practices for infosec and audit!

 It’s the practices that are implemented, or not, that are most responsible for driving better results. Which of the following practices are implemented by your organization?

– Distribution of IT policies for adoption and exceptions
– Managing information security outside of IT operations
– Delivering training to employees and contractors
– Continuously monitoring critical IT assets
– Conducting ongoing assessments of business conditions and risks

All of the best-in-class organizations, operating in the green, experience the lowest rates of data loss or theft, the least amount of business downtime due to IT failures or disruptions, the fewest problems with regulatory audit in IT, and spend least on information security and audit.

Find out how the color – and the details – of your practices compare with the experience of more than 3,000 organizations in Guidance for Best Practices for Information security and IT Audit, at the IT Policy Compliance Group (see link below).

Additional information:

IT Policy Compliance Group report:


ISACA: www.isaca.org

PCI: www.pcisecuritystandards.org

ISO: www.iso.org

NIST: www.nist.gov

ITIL: www.itil-officialsite.com


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: