Security Friction

PREPARED FOR: Joe Computerguy Computer Business Inc. 2014-03-21

Business Responses Only

Business Satisfaction with IT Security

Computer Business Inc.

# of Employees

37 6

# of Responses

6 37

Response Rate

100.0%

Business satisfaction is defined as confidence in important security areas and minimal friction for business processes.

Security Importance and Confidence

Security Friction

Address high friction areas with the business and modify security practices as necessary.

Identify the business perspective on security importance and confidence at the department and organizational level. Low importance scores for "My Department" might reflect under-valuing their own day-to-day security practices. Similarly, low confidence scores might reveal hidden vulnerabilities (e.g., staff sharing passwords).

Security Friction Overall

Overall, how much friction do IT security practices create for business processes?

Importance and Confidence for Overall Security

Friction for the Business

Average

Overall, how important is IT security to your organization/department?

Importance to the Organization

Average

50%

50%

Importance to My Department

High

63% Average

50%

50%

Medium

17%

83%

33%

50%

Confidence in Security for My Department

33%

72%

33%

Low

33%

17%

50%

Mobility (Remote & Mobile Access) 50%

33%

17%

Desktop Computing High

70% Average

33%

Minimal Friction

How much do the IT security practices in these areas create friction for business processes?

Average

17%

Moderate Friction

Security Friction Detailed Breakdown

Overall, how confident are you in the existing IT security practices for your organization/department?

Confidence in the Organization's Overall Security

58%

Significant Friction

65%

50%

50%

Regulatory Compliance 33%

Medium

33%

33%

Data Access/Integrity Minimal Friction

Low

Moderate Friction

Significant Friction

Importance vs. Confidence Detailed Breakdown

Responsibility for Security Governance

Target improvement efforts on areas with high Confidence Shortfalls (i.e., confidence lower than importance). How important are IT security practices in these areas?

Shared IT-business responsibility for security governance (e.g., risk analysis) leads to better alignment and greater understanding of risk tolerance, security priorities, and acceptable security practices.

How confident are you in the existing IT security practices in these areas?

Who should have responsibility for these IT security governance areas?

Mobility (Remote & Mobile Access) Desktop Computing Importance Confidence Confidence Shortfall

Regulatory Compliance Data Access/Integrity

67% 62% 58% 70% 65% 70% 70% 57%

IT

Joint Responsibility

Business

Risk Analysis/Risk Tolerance Policy and Process Creation Compliance Management Security Culture 13.3%

TEST DOCUMENT


IT Responses Only

IT Satisfaction with IT Security

Computer Business Inc.

# of Employees

18 3

# of Responses

3 18

Response Rate

100.0%

Business satisfaction is defined as confidence in important security areas and minimal friction for business processes.

Security Importance and Confidence

Security Friction

Address high friction areas with the business and modify security practices as necessary.

Identify the business perspective on security importance and confidence at the department and organizational level. Low importance scores for "My Department" might reflect under-valuing their own day-to-day security practices. Similarly, low confidence scores might reveal hidden vulnerabilities (e.g., staff sharing passwords).

Security Friction Overall

Overall, how much friction do IT security practices create for business processes?

Importance and Confidence for Overall Security

Friction for the Business

Average

Overall, how important is IT security to your organization/department?

Importance to the Organization

33%

Average

33%

33%

Importance to My Department

High

73%

Medium

Average

33%

67%

33%

67%

33%

Confidence in Security for My Department

80%

100%

Low Mobility (Remote & Mobile Access) 33%

67%

67%

Desktop Computing High

60%

67%

33%

Regulatory Compliance 100%

Medium

Average

33%

Minimal Friction

How much do the IT security practices in these areas create friction for business processes?

Average

67%

Moderate Friction

Security Friction Detailed Breakdown

Overall, how confident are you in the existing IT security practices for your organization/department?

Confidence in the Organization's Overall Security

43%

Significant Friction

80%

Data Access/Integrity Minimal Friction

Low

Moderate Friction

Significant Friction

Importance vs. Confidence Detailed Breakdown

Responsibility for Security Governance

Target improvement efforts on areas with high Confidence Shortfalls (i.e., confidence lower than importance). How important are IT security practices in these areas?

Shared IT-business responsibility for security governance (e.g., risk analysis) leads to better alignment and greater understanding of risk tolerance, security priorities, and acceptable security practices.

How confident are you in the existing IT security practices in these areas?

Who should have responsibility for these IT security governance areas?

Mobility (Remote & Mobile Access) Desktop Computing Importance Confidence Confidence Shortfall

Regulatory Compliance Data Access/Integrity

77% 53% 60% 60% 40% 47% 63% 63%

IT 23.3%

Joint Responsibility

Business

Risk Analysis/Risk Tolerance Policy and Process Creation Compliance Management Security Culture


IT & Business Responses

IT-Business Alignment

# of Responses

9 55 9 55

Response Rate

100.0%

# of Employees

Computer Business Inc.

Identify gaps between IT and the business, and use that to drive alignment exercises.

Security Importance How important are IT security practices in these areas?

Security Confidence Business's Response

How confident are you in the existing IT security practices in these areas?

IT's Response

0%

100% 67%

Mobility

58% 60% 65%

Desktop Computing Regulatory Compliance

77%

40%

Data Access/Integrity

63%

GAP LEGEND

70%

0-15%

Well-Aligned

Gap%

Mobility

2%

Desktop Computing

25%

Regulatory Compliance

7%

Data Access/Integrity

Security Friction

100% 53%

62% 60%

47% 57%

Review and Consider Alignment Exercise

31+ %

Gap% 8%

70%

10%

70%

23% 7%

63%

Conduct Alignment Exercise

Responsibility for Security Governance

How much do the IT security practices in these areas create friction for business processes?

Business's Response

0% 63% 60% 52%

Desktop Computing

80%

38% 37%

Regulatory Compliance 23%

53%

Who should have responsibility for these IT security governance areas?

IT's Response

100%

Mobility

Data Access/Integrity

IT's Response

0%

10% 15%

16-30%

Business's Response

Gap%

IT

IT

Business

Joint Responsibility

Business

Gap%

3%

Risk Analysis/Risk Tolerance

17%

28%

Policy and Process Creation

17%

2%

Compliance Management

2%

30%

Security Culture

15%

Follow These Steps to Close Gaps and Improve Satisfaction

1. Meet with business users to explore scores that are misaligned – e.g., are confidence gaps due to perception only or are concerns founded in sub-optimal security practices?

2. For importance and confidence gaps, identify the root cause and review related practices. For example, if mobility confidence is low, is the underlying concern protecting data on mobile devices or preventing malware attacks? Similarly, if mobility security has a high importance score due to data concerns, then also review overall data access/integrity security concerns.

3. For security satisfaction low scores and gaps, identify the specific practices that are deemed too restrictive or cumbersome, and the underlying causes of dissatisfaction. For example, if remote access friction is actually due to usability issues with the VPN client and not security policies, then the issue may be solved by exploring alternative VPN client solutions. In other cases, it may be necessary to re-align end-user perspectives on security requirements.

4. For governance responsibility gaps, determine the potential points of friction (e.g., time commitment) to move towards joint responsibility so you can have an informed discussion of what is appropriate. For example, joint responsibility does not mean identical time commitments. In risk analysis, for example, it's still IT's responsibility to identify and present risks and mitigation options; the business role is to provide feedback on risk tolerance.

5. Leverage Info-Tech's Security Effectiveness reports for a deeper review of security practices.

IT & Business Responses

Satisfaction by Department

Computer Business Inc.

# of Responses

9 55 9 55

Response Rate

100.0%

# of Employees

The overall Importance, Confidence, and Friction scores by department are provided below. For a detailed breakdown, see the Department View pages.

IT

Finance Importance - Organization

73.3333%

Importance - Organization

Importance - My Department

80.0%

Importance - My Department

Confidence - Organization

60.0%

Confidence - My Department Security Friction

80.0% 93.3333%

Confidence - Organization 80.0%

70.0%

Confidence - My Department

43.3333%

Security Friction

76.6667% 46.6667%

Sales Importance - Organization Importance - My Department Confidence - Organization Confidence - My Department Security Friction

46.6667% 50.0% 70.0% 53.3333% 70.0%


Department View:

Computer Business Inc.

Finance Satisfaction with IT Security

# of Employees

3

# of Responses

3

Response Rate

100.0%

Business satisfaction is defined as confidence in important security areas and minimal friction for business processes.

Security Importance and Confidence

Security Friction

Address high friction areas with the business and modify security practices as necessary.

Identify the business perspective on security importance and confidence at the department and organizational level. Low importance scores for "My Department" might reflect under-valuing their own day-to-day security practices. Similarly, low confidence scores might reveal hidden vulnerabilities (e.g., staff sharing passwords).

Security Friction Overall

Overall, how much friction do IT security practices create for business processes?

Importance and Confidence for Overall Security

Friction for the Business

Overall, how important is IT security to your organization/department?

Importance to the Organization

Average

33%

67%

Importance to My Department

High

80%

Medium

Average

100%

33%

33%

33%

Confidence in Security for My Department

93%

Low

67%

Minimal Friction

33%

33%

33%

67%

33%

Mobility (Remote & Mobile Access) Desktop Computing

High

70%

33%

67%

33%

67%

Regulatory Compliance Medium

Average

33%

47%

Moderate Friction

How much do the IT security practices in these areas create friction for business processes?

Average

33%

67%

Significant Friction

Security Friction Detailed Breakdown

Overall, how confident are you in the existing IT security practices for your organization/department?

Confidence in the Organization's Overall Security

Average

77%

Data Access/Integrity Minimal Friction

Low

Moderate Friction

Significant Friction

Importance vs. Confidence Detailed Breakdown

Responsibility for Security Governance

Target improvement efforts on areas with high Confidence Shortfalls (i.e., confidence lower than importance). How important are IT security practices in these areas?

Shared IT-business responsibility for security governance (e.g., risk analysis) leads to better alignment and greater understanding of risk tolerance, security priorities, and acceptable security practices.

How confident are you in the existing IT security practices in these areas?

Who should have responsibility for these IT security governance areas?

Mobility (Remote & Mobile Access) Desktop Computing Importance Confidence Confidence Shortfall

Regulatory Compliance Data Access/Integrity

63% 67% 63% 70% 80% 63% 73% 60%

IT

Joint Responsibility

Business

Risk Analysis/Risk Tolerance Policy and Process Creation Compliance Management

16.7%

Security Culture

13.3%


Department View:

Computer Business Inc.

Sales Satisfaction with IT Security

# of Employees

34 3

# of Responses

34 3

Response Rate

100.0%

Business satisfaction is defined as confidence in important security areas and minimal friction for business processes.

Security Importance and Confidence

Security Friction

Address high friction areas with the business and modify security practices as necessary.

Identify the business perspective on security importance and confidence at the department and organizational level. Low importance scores for "My Department" might reflect under-valuing their own day-to-day security practices. Similarly, low confidence scores might reveal hidden vulnerabilities (e.g., staff sharing passwords).

Security Friction Overall

Overall, how much friction do IT security practices create for business processes?

Importance and Confidence for Overall Security

Friction for the Business

Average

Overall, how important is IT security to your organization/department?

Importance to the Organization

Average

67%

33%

Importance to My Department

High

47% Average

100%

Medium

100%

67%

Confidence in Security for My Department

50%

33%

Low

67%

67%

Mobility (Remote & Mobile Access) 33%

33%

33%

67%

33%

Desktop Computing High

70% Average

33%

Minimal Friction

How much do the IT security practices in these areas create friction for business processes?

Average

33%

Moderate Friction

Security Friction Detailed Breakdown

Overall, how confident are you in the existing IT security practices for your organization/department?

Confidence in the Organization's Overall Security

70%

Significant Friction

53%

Regulatory Compliance 33%

Medium

67%

Data Access/Integrity Minimal Friction

Low

Moderate Friction

Significant Friction

Importance vs. Confidence Detailed Breakdown

Responsibility for Security Governance

Target improvement efforts on areas with high Confidence Shortfalls (i.e., confidence lower than importance). How important are IT security practices in these areas?

Shared IT-business responsibility for security governance (e.g., risk analysis) leads to better alignment and greater understanding of risk tolerance, security priorities, and acceptable security practices.

How confident are you in the existing IT security practices in these areas?

Who should have responsibility for these IT security governance areas?

Mobility (Remote & Mobile Access) Desktop Computing Importance Confidence Confidence Shortfall

Regulatory Compliance Data Access/Integrity

70% 57% 53% 70% 50% 77% 67% 53%

IT 13.3%

Joint Responsibility

Business

Risk Analysis/Risk Tolerance Policy and Process Creation Compliance Management Security Culture

13.3%


Feedback

Computer Business Inc.

# of Employees

9 55

# of Responses

9 55

Response Rate

100.0%

What is the biggest pain point in terms of IT security interfering with your work? What would you like to see done differently?

FINANCE Luke Stewart - Comment text Danny Black - Comment text Debbie Slater - Comment text

Sandy Richardson - Comment text John Robert - Comment text

IT Bob Smith - Comment text

SALES Susan Jones - Comment text

Mike Brown - Comment text Bonnie Cook - Comment text


Scoring Methodology

Computer Business Inc.

Importance and Confidence

This chart type is used to present a breakdown of responses as well as an overall average score.

Security Friction

For security friction, a high score indicates high friction, which is a negative result. Therefore a high score is color-coded as red (not green).

Responsibility for Security Governance

Security governance is improved when there is joint responsibility between IT and the business. Therefore, a middle score is a positive result and is color-coded as green.
