2011 State of the CSO

This post sponsored by the Enterprise CIO Forum and HP.

The 8th Annual CSO Magazine State of the CSO report was released last month – I finally got my hands on a copy.  Thanks Colin!

Sidenote: Nice timing on finding this report since October is Cyber Security Month. Read more on getting prepared for Cyber Security Month in Jerry Bishop’s recent Enterprise CIO Forum post.

The 2011 State of the CSO report outlines the results gathered from 229 respondents during a survey in March 2011.

Some key highlights from the survey:

  • Fewer than 2/3 of security professionals believe their organization’s employees are trained on security-related topics
  • Only 35% of respondents believe their organization’s employees consider security to be part of their daily responsibilities
  • Nearly 1/3 of respondents plan to add staff to the security function of the organization
  • Roughly 38% of respondents are planning an increase in security in the coming year
  • 64% of respondents agree that senior management view security and the security leaders as important, permanent and strategic
  • More than 60% of respondents believe that senior leadership is placing more value on security and risk management

Some interesting responses, but not surprising to me.  I’m not a Security pro at all but I would think that most organizations are focusing a good deal of effort and budget on ensuring both IT and Physical Security are improved throughout the enterprise.

One aspect that I found interesting is the area focused on current and future trends that will most affect the security profession. The responses were:

  • 26% of respondents point to ‘ubiquitous data’ as having the largest impact on the security profession
  • 21% of respondents believe technology as a service will have a large impact
  • 20% believe that Gen Y & Millennials entering the workplace will have a considerable impact on the security profession

Some interesting results there. Ubiquitous Data, defined by the survey as the ability for users to have constant access to data and services, is getting closer to being a reality for all organizations.

To grab a copy of the 2011 State of the CSO Report, jump over to CSO Magazine and sign up for access.

Image Credit: Security By edleckert on flickr


jfbauer
Guest
jfbauer

Thanks for the link … I skimmed the report and, as well, didn’t find anything that I found particularly striking. The ubiquitous access to data is challenging traditional security pros to rethink the “hard outer shell, soft gooey center” approach to security that has dominated the security architecture of the 00s. The “bring your consumer mobile device to work” in order to access that ubiquitous data rings of the late 90s rise of companies pushing to monetize their Internet presence against the relatively immature browser and desktop OS market at the time. There are bound to be bumps in the road…

ericbrown
Guest

Hi John –

Some of the aspects of the report were interesting but I doubt anyone would argue that they are new issues faced by security professionals.

You raise a very good point: hype vs trends vs reality. How does a CIO / CSO / IT professional deal with the hype vs reality?

jfbauer
Guest
jfbauer

@ericbrown Well, if you are a CSO/CIO/IT Pro, the hype actually works to your advantage. It can be a struggle to build a security business case: “We need to spend X millions of dollars on a Y to avoid getting hacked.” “What is the likelihood we will get hacked?” “Well, high.” “What if we spend X/2?” “Well, we could …” It is challenging to convince senior management to spend money on a non-revenue generating thing like security especially if there hasn’t been a recent security event at the company that has sensitized executives. The hype can be leveraged to add…

ericbrown
Guest

@jfbauer Excellent insight John. I’ve seen many CIOs overdo it when it comes to playing up the Hype to get more money and resources. It’s kind of like the boy who cried Wolf…cry Wolf too many times without a proper reason and/or evidence of the Wolf, the organization will stop listening.

jfbauer
Guest
jfbauer

@ericbrown Yes, “the boy who cried Wolf” is very much what I was trying to convey. Playing the fear card effectively might just influence the gut decision senior management makes to shift some funds from a project they want to spend money on to a security project that they loathe.

trackback

Shared: State of the CSO by @EricDBrown http://t.co/4QvnRc5E <JB:God summary, I added my thoughts in the comments

trackback

Shared: State of the CSO by @EricDBrown http://t.co/4QvnRc5E <JB:Oops, make that "good" summary, no deities were involved

trackback

Shared: State of the CSO by @EricDBrown http://t.co/4QvnRc5E <JB:Good conversation continuing on Eric's post
