Cambridge, MA (PRWEB) April 5, 2011
Neohapsis, a trusted provider of governance, risk, compliance (GRC) and security software products and advisory services, has published a new InformationWeek Analytic Report on risk-oriented security. In the recent InformationWeek Analytics survey on IT risk management, InformationWeek and Neohapsis surveyed 563 companies on their use of risk-oriented security methodologies. The survey found 61% of companies have realized savings in time and money by implementing risk management initiatives, even though the general maturity of risk management programs is still low and needs improvement:
- 35% of companies have programs with a maturity level that is managed or optimized
- 64% of companies rely on spreadsheets as the primary risk management tool
- 32% of companies have quantified risk measurement
- 10% of programs are rated as effective and 32% are rated as satisfactory
- 18% of companies have enterprise-wide risk management or GRC programs
Information technology teams that manage risk effectively are more agile, more efficient and better aligned to business goals. Despite this, only 52% of companies have any form of IT risk management program in place. The main goals of most IT risk management programs remain tactical, with 64% citing fulfillment of regulatory compliance requirements and 62% citing reduction in security breaches. “Organizations are finding that even the most basic IT risk management program can produce material savings in time and money,” said report authors Erik Bataller and Gary Alterson. “However, to deliver more significant business value and use risk to drive decision making and influence behavior, these programs must continue to achieve a higher level of maturity and leverage technology to improve program efficiency and adoption.”
In this report, you will learn:
- The results and analysis of the InformationWeek Analytics survey on IT risk management
- What constitutes a risk-oriented approach to security
- How organizations today are limiting the value of their IT risk programs
- The five steps necessary to get a risk-oriented IT security program off the ground
A copy of this report is available from InformationWeek if you have a Premium Subscription to InformationWeek.
A copy of the report is also available from Neohapsis (http://www.neohapsis.com).
Neohapsis is a trusted provider of governance, risk, compliance (GRC) and security software products and advisory services to Fortune 2000 enterprises and government agencies. Neohapsis combines expert services with its advanced NeoGRC software platform to deliver comprehensive GRC and security solutions for over 300 customers that include 10 of the Fortune 50 companies. NeoGRC is an enterprise GRC software platform that provides process and data automation, stakeholder collaboration, advanced analytics and visualization technologies. NeoGRC allows users to visualize risk, compliance and security data with multi-dimensional business context to support informed decision making. Neohapsis Advisory and Security Services help organizations address security, compliance, operational risk and IT risk challenges. Neohapsis consultants are recognized experts and thought leaders in the field of GRC and security. This combination of technology and service expertise allows Neohapsis to deliver solutions that fit the customer’s organizational maturity, business requirements and existing technology investments.
# # #