Based upon this formula, strong risk management is focused on exposing and remediating vulnerabilities while accurately assessing threats. If threats and vulnerabilities are sufficiently reduced, risk management activities should provide an adequate defense against security incidents.
ESG initiated this research project to assess the current practices, challenges and future plans of enterprise-class organizations, and to test the hypothesis that the definition and scope of security management is growing in reach and stature. As such, this report concentrates on the following issues:
- What are the current security management processes and technologies in use? Who is responsible for these processes and technologies?
- How are these processes and technologies changing and/or expanding? What is influencing these changes?
- How do organizations create security management policies? Who is involved in these decisions?
- How are security management policies/procedures changing? What changes are taking place?
- What is driving demand for security management processes and technologies? How are priorities changing?
- Who influences security management process and technology decisions?
- How are security management budgets allocated?
- Which tools are currently in use? Are these tools adequate or deficient for today's needs?
- Which tools will be deployed in the next few years?
- Are new business initiatives driving change with regard to new technology requirements?
To answer these questions, ESG surveyed 207 security professionals. Respondents came from North American-based public- and private-sector organizations varying in size from 1,000 to over 20,000 employees, and represented more than 21 industry segments.