Risk-Based Security Management Needs Improvement

By Don Reisinger

1. Time Is of the Essence

When it comes to compliance, 49% of IT professionals name mean time to patch as their most important metric.

2. You Didn't Do That, Did You?

33% of IT pros spend most of their compliance time determining whether employees have violated any policies, which is also a top concern.

3. Protecting Against Threats

Among IT pros tasked with protecting against threats, 45% consider whether endpoints are free of malware and viruses an important metric.

4. Living in a Quantifiable World

35% of IT pros say that a reduction in data breaches is enough of a metric to judge performance, even though a breach count only reflects the breaches that were actually discovered.

5. It's All About Knowledge

The trouble with measuring performance by outbreaks is that not every outbreak is discovered. That is why 35% of IT professionals prefer to monitor vulnerabilities and eliminate them before they are exploited.

6. Time Waits for No One

Just 13% of IT pros track the mean time to detect a security incident, and only 8% measure how long it takes to fix a security problem once it is found.

7. The Cost of Doing Business

52% of IT professionals evaluate performance based on their ability to reduce the cost of security management.

8. A Lack of Measuring

Once again, time is largely an afterthought: only 5% of IT pros say their department measures how long it takes to contain security breaches and exploits.

9. Budgets, Budgets, Budgets

49% of security professionals say they are judged on their ability to stay within budget.

10. What About the Training?

IT professionals want business-side employees to receive the security training they need to reduce the kinds of risky behavior that send corporate networks into lockdown.