Governance of Enterprise Security. Just read a interesting survey finding. The 2012 survey was done by Carnegie Mellon CyLab, sponsored by RSA. They surveyed how boards and senior executives are governing the privacy and security of their organizations’ digital assets. They used the Forbes Global 2000 list – respondents included: CEO/Presidents (52%), Corporate Secretaries (15%) and Board Chairs (24%).
The general take away was that boards and senior management are not exercising appropriate governance over the privacy and security of their digital assets. Sample table from the finding:
| Best Management Practice | Regularly | Occasionally | Rarely or Never |
| Board reviews & approves top-level policies on privacy & IT security risks | 23% | 28% | 42% |
| Board reviews & approves roles & responsibilities of lead personnel responsible for privacy & IT security | 19% | 18% | 66% |
| Board reviews & approves annual budgets for privacy & IT security programs | 28% | 10% | 54% |
| Board regularly receives reports from senior mgmt regarding privacy & IT security risks | 38% | 34% | 25% |
The findings are consistent with complaints by CISO/CSOs that they cannot get the attention of their senior management and boards and their budgets are inadequate.
The survey results indicate a serious lack of attention at the top.
Nancy Sykora
Sr. Account Executive