The latest benchmark research report from the IT Policy Compliance Group identifies the practices and guidance for information security and IT audit that are most responsible for the lowest rates of data theft and loss, the highest service-levels, and the least problems with audit.

Extent of practices covered Communications about directions and aims Managing processes and the organization Managing the information architecture Managing human resources Acquiring and managing IT assets Managing information and data Managing operations Ensuring systems security Monitoring and evaluating Managing quality Managing risks Governance

Covering more than 100 of the most common practices for information security and IT audit, the report also identifies guidance for practices that are responsible for better outcomes, including managing:

• The integrity of information
• Compliance with regulatory audit
• Business risks related to the use of IT
• Information security practices and procedures
• Information security policies

Find out which of the following forms of practice guidance are resulting in better outcomes while requiring more, or less, customization to implement:

CIS benchmarks	FISMA	ITIL	PCI
CobiT	FIPS	NERC CIP	SCAP
COSO	HIPAA	NIST	SDLC
CVE	ISO	Octave and RiskNav	Vendor guides

From among more than 100 practices implemented by more than 3,000 organizations, the report identifies the 12 primary baseline and top 10 practices that are most responsible for the lowest incidents of data loss, the highest IT service levels and the fewest problems with regulatory audit.

Find out what the minimum 12 baseline best practices and the top 10 best practices for information security and IT audit are, why these practices matter, how your practices compare with these, and why the practices matter including their impact on:

• Top-line business results
• Audit expenses
• Time and labor costs
• Business service-levels and downtime
• Financial exposure and loss from the loss or theft of data