New CISO Impact(TM) Findings from IANS Research Reveal the Five Secrets of High Performing Chief Information Security Officers

Insights gained from surveying more than 1,200 high-performing CISOs and information security teams

BOSTON, MA--(Marketwired - Feb 9, 2017) - Based on more than two years of research, IANS Research, today released its latest findings on best practices to help information security professionals keep their promise -- to safeguard critical assets. The CISO Impact™ provides a unique leadership framework specific to information security. CISO Impact research includes diagnostic data gleaned from more than 1,200 organizations including two best practice models -- 8 Domains of Technical Excellence and 7 Factors of Organizational Engagement. By analyzing this trove of data, IANS has developed the required approaches of high-performing Infosec teams on two critical masteries: Technical Excellence and Organizational Engagement.

"The connected world is a dangerous place, and because of this, CISOs and their teams must lead their organizations to adopt safe business practices," said Stan Dolberg, chief research officer, IANS Research. "However, the challenge remains that many CISOs are leading from a position of little authority or influence. The CISO Impact diagnostic provides specific ways for CISOs to assert information security leadership skills that are commonly found in organizations one step ahead on the maturity curve. Our goal is to inform, contextualize and prioritize where to invest skills, practices, and technologies. Armed with this strong guidance, CISOs can chart their own paths to leadership."

CISO Impact offers comparative industry peer analysis and identifies concrete actions CISOs should consider taking, to progress their programs from where they are today to the next level or "next practices." Furthermore, the Leadership model provides specific ways to weave the information security thought process, criteria, checklists, testing tools, stage gates and risk assessment methods into the fabric of the entire organization.

An example of leading without authority is building alliances for a risk-based approach to information security, an approach where business leaders own the risk. In the CISO Impact dataset, 100% of high performers have gone down that path with success. This is particularly dramatic when compared with lower performers: 3% of these have succeeded on this.

Excerpts from CISO Impact include:

  • High-performing CISOs know the value of engaging to drive change. In the CISO Impact data 3 out of 4 of high performers embrace this approach, compared to 1 in 20 of the low performers
  • 88% of Information Security teams have no formal, ongoing data classification practices
  • A mere 1 in 10 cyber teams have proactive stakeholder engagement programs in place
  • 95% of High Foundational CISOs report into technology
  • More than 60% of High Performers report into Risk and Business roles
  • 84% of High Performers build a cyber cadre -- a unit that can act and speak as one, whether interacting with leadership, middle management, or individuals
  • Only 12% of Information Security teams have mature, ongoing data classification practices
  • Financial firms lead on CISO Impact best practices -- with healthcare, energy, technology and services following behind significantly

Learn more about CISO Impact here.

About IANS Research:
IANS is an information security advisory and consulting firm, serving Fortune-class information security teams and professionals with in-depth insights and decision support regarding their most pressing technical and strategic challenges.

IANS provides access to information security experts who address and solve our clients' challenges as they arise. We help security teams achieve technical excellence and improve engagement with the organization to drive security's impact deeper into the company.

Contact Information:

Media Contact:
Patricia Donahue
Marketing Campaign Manager, IANS