Portland, OR (PRWEB) August 20, 2013
Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today released results from an extensive study focused on the state of risk-based security management with the Ponemon Institute. The study examined security controls and spending and revealed that many organizations misalign security spending with perceived security risks, haven’t yet deployed preventive security technologies, and rarely use audits to identify security risks.
The study respondents included 749 U.S. and 571 U.K. professionals in the following areas: IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management.
“Given the constantly changing nature of security threats and security technologies, it’s not surprising that many organizations are having difficulty assessing and prioritizing security risks,” noted Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Unfortunately, the misalignment of perceived risk and security spending coupled with the minimal use of security audits means that many organizations don’t have the information they need to improve security risks.”
When respondents were asked how their organization assesses and prioritizes risks, the results showed:
When asked about the deployment of preventative and detective controls, the study revealed:
“These results underscore the challenges IT and security professionals grapple with every day,” noted John Pierce, vice president of information systems for Tripwire. “The risk and security landscape faced by organizations continues to increase in complexity, requiring us to deploy and manage more sophisticated and comprehensive solutions to address rapidly evolving risks.”
Other findings from the study include:
For more information about this study please visit: http://www.tripwire.com/ponemon/2013/#spending
About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries
Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at http://www.tripwire.com or follow us @TripwireInc on Twitter.