Regulatory compliance is the strongest security driver published a research showing that regulatory compliance has emerged as the biggest driver of information security initiatives, trumping concerns such as worms and viruses for the first time, according to Ernst & Young’s survey of 1,300 organizations worldwide.

Nearly two-thirds of respondents said compliance is the primary driver of information security at their businesses, followed by worms and viruses and meeting business objectives. However, IT organizations and information security groups are failing to take advantage of compliance-related concerns to rearchitect their security organizations.

For example, nearly 90% of those implementing security measures to comply with regulations are focusing on issues such as policies, procedures training and awareness campaigns. Only 41% are also reorganizing their information security function and their architectures as part of the compliance process.

As the focus on general corporate governance and maturity of overall risk management increases, security professionals are being asked not just about the headline issues, but about the broad picture of information security control.

The survey results highlight the growing pressure regulations are putting on information security organizations. At the same time, it also underscores a growing trend by many to use compliance as an excuse for all security spending. Often, technologies that need to be implemented anyway are being described as compliance-related to get executive buy-in.

The two areas where compliance-related efforts have resulted in increased spending are security event management tools and identity management and password management technologies. But in general, the increased investments in these areas comes at the expense of spending in other areas. As a result, the overall spending on information security itself has not increased significantly.

This blog is run by the authors of Find Protected, an effective information security solution.

Leave a Reply