>enterprise special interests
>smb special interests
>industry special interests
home > guidance > enterprise special interests


Prevent or fix: you decide!


 Firms with the fewest losses or thefts of sensitive data are spending more time protecting IT resources (applications, IT systems and networks) while maintaining policies, standards, and compliance controls.  These firms are also spending less time gathering evidence to determine the effectiveness of controls, and much less time trying to fix problems, including IT vulnerabilities and compliance deficiencies (Figure 1).

 

Figure 1: Prevent or fix: you decide





























Source: IT Policy Compliance Group, 2007

 

Guidance recommendations

 

Actions taken by the leaders are enabling the firms with the least data loss or theft to focus on prevention rather than remediation.  Astute observers should consider:

 

·       Automating IT controls

·       Improving IT controls

·       Delivering training to employees and managing exceptions to policy

·       Increasing the frequency of measurements and reporting

·       Maintaining an inventory of sensitive data

 

 

© IT Policy Compliance Group, 2007

 

 









Industry leaders are spending 144% more on IT security and are experiencing 30% fewer compliance deficiencies. more...



Latest Blog Topics:

Topic : Policy Shapes Outcomes
Topic : Who’s sets objectives: Legal, Business lines or IT?
Topic : Who Manages Information Security?

© 2008 IT Policy Compliance Group, USA, All Rights Reserved.privacy policy | terms of use | contact us