The survey found that an increase in regulations, data breaches and issues such as cloud computing and personal technology in the workplace is accelerating risk.
“IT cannot be managed in a vacuum. Increasing government regulations, consumer privacy concerns and hacktivist attacks are challenging enterprise IT assets in new ways,” said Tony Noble, CISA, a member of ISACA’s Guidance and Practices Committee and vice president of IT audit, Viacom. “The study also reveals that the business side of the organization believes IT is managed in a silo, which indicates an opportunity for better aligning business with IT to unlock greater value.”
Key business issues affecting IT are:
- Regulatory compliance
- Enterprise-based IT management and governance
- Information security management
- Disaster recovery/business continuity.
Enterprises need to manage growth in a challenging global economy while complying with more regulations and standards. Within this topic, the top-ranked technology concern (chosen by 53 percent of respondents) was segregation of duties and privileged access monitoring.
Managing IT project risk
The survey shows that there is a growing focus on enterprise-based IT management and the governance of enterprise IT (GEIT). Managing IT project risk tops the list of concerns within this area, rated as most important by 45 percent.
Increased security breaches
A top concern expressed by ISACA members was the lack of senior management involvement in setting direction for information security, which was ranked as important or very important by 80 percent of responses.
“WikiLeaks, the Zeus botnet and a rise in identity theft show that the variety and volume of threats is rising. Security is everyone’s business, not just IT’s. Organizations need top-down commitment,” noted Greg Grocholski, CISA, director, ISACA and corporate auditor, The Dow Chemical Co.
Lack of awareness
All business activity is at risk for disruption, yet continuity remains an elusive goal. According to the survey, the biggest problem (87 percent) is the lack of awareness among business managers that they are responsible for being able to maintain critical functions throughout a disaster.
The complete report is available here (registration required).