The world of security and risk management is an interesting world to examine - or should be.
In our recent Market IQ on Content Security ("Content Security: At the Fulcrum of Innovation and Risk"), one of the areas we looked into within this broad umbrella of Content Security, were the factors indicating that security and risk management are being taken seriously.
These were factors such as whether executive positions existed that oversaw such concerns, who "owned" these concerns at all (if not CXX), of course how much budget was specifically assigned to this aspect of security (rather than "pure" or "traditional" "information security" [servers, networks, desktops, and lower-level infrastructure security]), and so on.
For those of us who have been involved in security for a few years, you may recall the early 2000-2002 surge in articles and research into the role of the CISO (Chief Information Security Officer) versus the CSO (Chief Security Officer). Were they the same thing? Was one "physical" security (building security, preventing theft, on up to the types of attacks that are 9/11 in scale), whereas one was just "electronic?" From my perspective, where did content/information/knowledge concerns come into play? A Chief Privacy Officer? Who reported to whom, and did they truly have "executive level" power? Ownership? Budget? Accountability?
In the Market IQ on Content Security (grab a copy of the report, or sign up for the Thursday, November 1 - 2pmET webinar), we go into further detail than I will go into here, but as quick snapshot, see the below chart.
62% of the 600 respondents stated that they did not have a CXX-level security officer of ANY flavor, and that role was instead handled by another role.
Frankly, that's a bit shocking, and disturbing even. Cybercrime continues, this is a post-Enron and Worldcom era, laptops and private as well as commercial Intellectual Property is lost or stolen weekly - yet the buck seems to not start OR stop anywhere in the vast majority of executive circles. Overly harsh or realism?
What's your take? Is your organization taking this more seriously than many seem to be? Is their a CXX-level position (as a dedicated role) that we simply didn't have on the list?
Would love your feedback, and for much more detail on this and the wide world of Content Security, grab yourself a copy of the Market IQ on Content Security and/or join us for a webinar and discussion on the topic, this Thursday, November 1 at 2pm ET.