Too many companies fail when it comes to taking basic steps to prevent security incidents, even in the face of catastrophic cyberattacks. Nowhere is that more evident than with IT security compliance audits.
As shown in Figure 3 from our full report, IT Security Compliance Audit Adoption and Best Practices, it is alarming that only 42% of respondents conduct security audits formally and consistently.
Security compliance audits involve periodically auditing users and IT staff to ensure that security policies and procedures are followed. This best practice is a mandate for every organization, particularly those managing personal information such as patient healthcare records and those processing credit card and other financial transactions. Having robust security policies and practices in place is of little value if they are not enforced. Among other benefits, audits help ensure that employees do not create security risks by violating policies and procedures. Periodic training, including refresher exercises, is a best practice in enforcement of security policies.
Many organizations have learned the hard way that establishing security policies and implementing the best security technology is not enough. Follow-up to be certain that these standards are being maintained is equally, if not more, important. This is where the IT security compliance audit comes into play.
“Many companies think their IT security is up to snuff, but unfortunately too many of them are not consistently using the most important security best practices, such as compliance audits,” said Tom Dunlap, director of research for Computer Economics, based in Irvine, Calif. “With this track record, is it any wonder we keep getting hit with security debacles like Equifax and Uber? Companies need to wake up and smell the compliance.”
As security gets more complex, and enterprises face a wider array of threats, reinforcing existing policies and procedures can go a long way to protecting an enterprise. In the full study, we first look at adoption trends for IT security compliance audits by organization size and sector. We also discuss the steps an IT organization should take to implement such audits. Finally, we provide recommendations for monitoring the success of security audits.
This Research Byte is a brief overview of our report on this subject, IT Security Compliance Audit Adoption and Best Practices. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).
Avasant’s research and other publications are based on information from the best available sources and Avasant’s independent assessment and analysis at the time of publication. Avasant takes no responsibility and assumes no liability for any error/omission or the accuracy of information contained in its research publications. Avasant does not endorse any provider, product or service described in its RadarView™ publications or any other research publications that it makes available to its users, and does not advise users to select only those providers recognized in these publications. Avasant disclaims all warranties, expressed or implied, including any warranties of merchantability or fitness for a particular purpose. None of the graphics, descriptions, research, excerpts, samples or any other content provided in the report(s) or any of its research publications may be reprinted, reproduced, redistributed or used for any external commercial purpose without prior permission from Avasant, LLC. All rights are reserved by Avasant, LLC.
Login to get free content each month and build your personal library at Avasant.com
