What Type of Security Leader Are You?

Sue Marquette Poremba

In the time that I've worked on this blog, I have seen a small evolution in security concerns. When I first started, for example, mobile security was barely discussed - if discussed at all. Anonymous was still mostly anonymous.


A lot has changed over the past couple of years, and the skills of the bad guys, as well as ever-changing technology, mean that network security has to constantly evolve. And it makes sense that evolution would have to come from the top.


So it isn't surprising that a new IBM survey shows a clear evolution in information security organizations and security leadership. However, it is a little disheartening to discover that only one in four security chiefs surveyed currently plays a strategic role in their firms.


According to a release, nearly two-thirds of CISOs surveyed say their senior executives are paying more attention to security today than they were two years ago, with a series of high-profile hacking and data breaches convincing them of the key role that security has to play in the modern enterprise. More than half of respondents cited mobile security as a primary technology concern over the next two years. Nearly two-thirds of respondents expect information security spend to increase over the next two years, and of those, 87 percent expect double-digit increases.


It also appears that security is becoming part of the corporate business model, and CISOs are focused more on risk management and anticipating problems before they happen than on dealing with security situations after the fact. This is an encouraging trend. We know the bad guys are smart, are innovative and are taking advantage of every slip-up and lax security practice on the corporate side. The more security executives - and the corporate business model - focus on risk management and better security policy practices, the better protection they can provide.


After interviewing more than 130 security leaders globally, IBM discovered there are three types of leaders based on breach preparedness and security maturity. They are the Influencers, the Protectors and the Responders. A Sci-Tech Today article described each type:

The Influencer-type security executive is identified in the study as being "confident and prepared," influencing business strategy relating to security. Protectors are less confident, and, although they prioritize security on a strategic basis, they lack necessary structural elements that exist in Influencers' organizations, since they rank second in the key determining factors, such as the likelihood of having a CISO. Responders are the least confident, are focused largely on protection and compliance, and they rank third in the determining factors.

Which type are you?
