ISACA International Study: Securing Personal Identity Information Among Companies’ Top Struggles
August 2008 by Marc Jacob
Securing personally identifiable information (PII) is a top concern facing business and technology executives this year, according to a survey of more than 3,100 professionals in more than 95 countries. Conducted by ISACA, a nonprofit association that serves more than 86,000 IT governance professionals worldwide, the study identified the top seven business issues impacted by technology. The findings are available in Top Business/Technology Issues Survey Results, offered as a free download at www.isaca.org/downloads.
Respondents ranked the following business issues as the top seven from 21 options:
1. Regulatory compliance, specifically protecting PII and implementing transaction monitoring
2. Enterprise-based management and IT governance
3. Information security management
4. Disaster recovery/business continuity
5. IT value management
6. Challenges of managing IT risks
7. Compliance with financial reporting
“The cost of losing or compromising the integrity of PII is also leading to a renewed focus on information security,” said Greg Grocholski, chair of ISACA’s Assurance Committee and senior finance director at Dow Chemical. “The survey shows that 81 percent of the 1,600 respondents who named information security management as a number 3 concern said that security risks are not fully known or are only partially assessed using technology.”
Enterprises continue to make increasingly large-scale investments in IT and IT-enabled change, making it even more challenging to ensure compliance with the growing number of international regulations across all industries. According to the survey, this effort is made less difficult when technology is viewed as an integral part of the business.
“Keeping on top of legislative and regulatory requirements is a critical responsibility made more difficult because compliance efforts are still operating in ‘project’ mode and have not yet been embedded into business processes,” said Anthony Noble, member of the ISACA Assurance Committee and vice president of IT audit at Viacom. “IT projects still lack alignment with business objectives at many organizations, and as a result, they are unable to realize business benefits.”
The study also revealed that many enterprises are still not adequately prepared for disasters. According to the results, 80 percent of the 1,500 ISACA members who made business continuity management the number 4 issue said that their business managers and owners are not fully aware of their responsibilities to maintain the ability to perform critical business functions in the event of a disaster.
The survey was conducted online and was open to professionals around the world. The geographic reach of respondents was:
· 37 percent—North America
· 32 percent—Europe/Africa
· 22 percent—Asia
· 5 percent—Central/South America
· 4 percent—Oceania
ISACA will address the business challenges facing technology professionals by offering guidance materials customized for the top business issues. In addition, FAQs for each issue will be available later this year.
With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 9,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.