The six secrets of highly secure organizations

CIO Magazine has published the results of its 2004 Global Information Security Survey, including The Six Secrets of Highly Secure Organizations:

1. Spend more: U.S. respondents said infosecurity accounts for less than 9 percent of their IT budgets. (Globally, it's 11 percent.) The Best Practices Group claimed 14 percent.

2. Separate information security from IT and then merge it with physical security. These disciplines can either exist under a single CSO or as separate entities governed by an executive security committee.

3. Conduct a penetration test to patch up network and application security, and perform a complete security audit to identify threats to employees and intellectual property.

4. Create a comprehensive risk assessment process to classify and prioritize threats and vulnerabilities.

5. Define your overall security architecture and plan from the previous three steps.

6. Establish a quarterly review process, using metrics (for example, employee compliance rates) to measure your security's effectiveness. This will help you to use your increased resources more efficiently.