A recent study conducted by the firm Gartner looked at the effectiveness of those responsible for IT security in organizations.
The investigation involved approximately 129 information system security officials.
At the end of the investigation, it was shown that the most effective security managers are those who collaborate particularly closely with the business managers of their organization, much more than with IT staff.
It should be noted that the study has been under way since January 2020. It assessed four areas of intervention by the Information Systems Security Officer. Unfortunately, Gartner's survey showed that only 12% of corporate security managers are truly effective in their tasks. The four key points on which the evaluation was carried out are:
– their functional leadership,
– the provision of computer security services,
– large-scale governance,
– the company's responsiveness.
For the research firm, the performance of security officials is observed around 5 key behaviors. These are among the things that differentiate them and by which they are evaluated. "A clear trend among the best-performing CISOs is to be particularly proactive, whether it's keeping abreast of evolving threats, communicating emerging risks to those involved, or having a formal succession plan," says Gartner.
In addition, security officials who regularly meet and interact with many more people outside the IT field are much more effective. Unfortunately, this applies to only 12 percent of them. However, 66% of security officials, a large majority, report that they meet at least once a month with the heads of the technical and commercial units. 45% of them usually meet with the marketing manager, 43% see the CEO, and 30% meet with sales managers. In practice this is not bad in itself because, as we know, having contact with those in charge can be important.
"CISOs have historically established working relationships with IT managers, but digital transformation has democratized information security decision-making," the firm warns. "Effective CISOs closely monitor the evolution of risks in their business and develop strong relationships with the owners of these risks, who are business leaders outside of IT," it adds.
In addition, the CISOs considered to be the best performers were also considered to be the best at managing their stress at work, and they had a positive impact on their employees. Only 27% of information system security managers have demonstrated this ability to effectively manage their stressors. 62% of information system security managers generally feel overloaded by security alerts. 30% of managers believe that expectations of them in the field of computer security are often unrealistic. Some even sincerely believe that these expectations have nothing to do with security. They make up 50 percent of the worst-performing security officials.
"The most effective security managers are those who can handle the stressors they face on a daily basis. For a CISO to perform well, they must maintain a clear distinction between work and non-work, explicitly define the expectations of different stakeholders including business managers, and delegate or automate tasks," concludes Gartner. The point to remember from this firm's report is simply that the relationship between the security managers of an information system and the personnel of the IT system is an essential part of the development of corporate security. In other words, the protection of enterprise IT systems rests on the shoulders of all employees, regardless of the sector in which they work. It is also an opportunity to understand that cybersecurity goes beyond just computer science. There is also a set of social and moral considerations that will allow us to better understand how malicious cyber activity works.