New Research Uncovers Best Practices for Enterprise Security. Sand Hill Groups First-of-Its-Kind Study Synthesizes the Insight of Expert Practitioners into A Blueprint For Enterprise Security," Complete with New Models and Metrics.

Todays technological and geopolitical situation has driven Enterprise security to the top of the priority list at major corporations and public sector companies. So says a new Sand Hill Group research report released today which analyzes the opportunities and challenges of developing a world-class information security management program in large organizations, designed to meet global cyber-security threats.

San Francisco, CA (PRWEB) March 2, 2004 --Enterprise security has become a corporate governance issue," said M. R. Rangaswami, co-founder of the Sand Hill Group, presenting the findings at the firms Software 2004 conference in San Francisco, Calif. It is no longer a back-office problem that can be contained or managed within IT alone".

The report, A Blueprint For Enterprise Security -- Execution Strategies from Industry Visionaries," is based on in-depth interviews with senior executives and survey responses from security decision makers at organizations with average annual revenues of more than $20 billion. Five of the executives interviewed are members of the recently formed Global CSO Council. The participants provided in-depth information regarding their organizations Enterprise Security strategies and challenges.

The Sand Hill Enterprise Security report is a must-read for top executives in the Fortune 1000 and large public sector organizations," said Bill Boni, VP and CISO Motorola and Global CSO Council Member. It contains keen insight into new models for security project justification and benchmarking methods to help define success of existing security programs."

Highlights from the report include:
· New models for security project prioritization and justification.
· Metrics and measurements to help security organizations manage for success.
· A roadmap for creating and managing a world-class Information Security program.
· Strategies for vendors to help customers justify security initiatives to management.

The study outlines best practices for building and managing a world-class Information Security management program examining the business case, program structure, positioning, spending patterns and business models in use today among visionary organizations within the Fortune 200 and leading federal government agencies.

Interestingly, the study found CISOs believe they have done a good job at employing technology solutions, but still have substantial room for improvement in utilizing the other components of a successful information security management program -- people and process. Optimization of all three components is needed to ensure that better security practices become an integral part of the business fabric.

The value of this report is in the practical insights and best practices outlined by talking to visionaries in the Enterprise security community, including half the members of the recently formed Global CSO Council," said Rangaswami. The report will serve as a guide for senior C-level executives in the Fortune 2000 as they embark on developing a comprehensive enterprise security strategy and it will be a stimulus for new strategic thinking among veteran CISOs."