Based on our research and a multitude of discussions with CISOs, Audit Executives and CIOs, our team has identified five common opportunities to improve the information security program.
1. Decision support for information security initiatives
2. Focusing resources on the right priorities to effect the greatest improvement
3. Establishing meaningful investments across the security program to grow shareholder value
4. Consistent reporting of key process indicators
5. Communicating the changing risk, based on impacts to key security processes
How well the above activities are accomplished will depend on how effectively they are communicated and on how leadership and the Board of Directors perceive the information shared. Many industry polls reflect outside Directors' dissatisfaction with the information security status shared at regular meetings.
According to a recent study conducted by PwC, the leading obstacle to information security by executive management was the lack of an actionable vision or understanding. See image on right. How are you as a security leader defining this actionable vision in business terms and communicating that vision effectively with your executive peers? TrustMAPP was developed to help security leaders effectively communicate the vision and investments required to address identified improvements to effect the desired change.