Magazine

Governance: Security is tiny portion of IT budgets

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Does security make the grade in Windows Server 2008?."

Download it now to read this article plus other related content.

A Burton Group survey says security budgets typically make up 2 percent of IT budgets -- lower than earlier estimates of 6 percent to 12 percent -- and that CISOs are having a difficult

    Requires Free Membership to View

time climbing to higher rungs of the corporate ladder. But the news isn't as somber as it appears on the surface.

"I think the lower level is really attributable to the notion that we don't need to spend as much on capital expenditures anymore," says analyst Pete Lindstrom. "We've gotten over the hump in buying all the basic security functions."

Lindstrom says organizations with more centralized security or those late in making major security purchases would typically have a security budget with a greater percentage of the overall IT budget, he says.

"It's somewhat comforting to know that we've reinforced ourselves in a way that makes sense," Lindstrom says.

In addition, respondents say top security executives are typically three levels below the CEO in the organization.

"We have a tendency to call every senior security professional a chief information security officer but it's very unlikely that they report directly to the CEO or even the CIO," says Lindstrom.

Lindstrom says top security executives typically oversee security functions that have been decentralized. For example, patch management duties fall within the client-server administration group or firewall management falls within the network administration group.

Survey respondents say the CEO is more involved with governance risk and compliance projects within the security organization, but less likely to be concerned with the company's security architecture or IT operational security functions, says Lindstrom.

This was first published in February 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: