The Disconnect Between Security and Business
by Gerald Trites
In September, 2008, Bearing Point released a study done on its behalf by Forrester Consulting which is posted on Bearing Point's website.
The study was based on a survey of 175 respondents from business and IT during the summer of 08. The results are useful and sadly predictable. The point of the study was to show the extent to which Security and Business personnel differ in their views of, and roles in, security. Of course, one would expect differences, but also since security is generally recognized as such a critical area from a business point of view, one should also expect some congruence in views.
The study indeed found a high degree of agreement on the governance aspects of security, with over 90% believing that security is a C-Level concern and both groups agreeing that security is important from a business viewpoint.
The study also found, however, that there is a communications gap between the two groups, one that is exacerbated by the culture within the business.
The study has real strategic value for companies trying to establish a more effective organizational approach to security and finding an appropriate balance between security needs and business constraints.