Wednesday, February 22, 2012

451 Research: A Peek Into the Psychographics of the CISO

The 451 Enterprise Security Practice (ESP) really did a great job with this report. It's not going to change your life, but it certainly draws attention to changes in spending. There are market pivots taking place now to address changing architectures and risk. Several things caught my attention. Here are three short comments.

The Power of One. Security Awareness. 
This is the number one concern among CISOs. It should be. It must be. Hands down. No question.

DLP: Your Last Line of Defense. 
You've been compromised because you refused to spend the time and resources on [1] hiring the right person, [2] hiring the right auditing firm, [3] buying the right equipment, [4] listening to your team, [5] etc... Perhaps you did everything right and were still compromised. Either way, your DLP system might be the last control that either prevents the loss or alerts you right away that something isn't right.

Missing: Compliance and Audit for the Midsize Enterprise
Because I don't have a compliance guy. Because it's too hard. Because it's too expensive. Because it's too disruptive. The solutions are rapidly evolving. I'm in the mix, hearing from the different vendors how they plan to address these concerns. None of them are perfect, but they are getting better.

See the full report here (451 access required): Enterprise Security: A Peek Into the Psychographics of the CISO (Security Quarterly: February 21, 2012)