CIOs no longer lose sleep over security and compliance

Wednesday 22 March 2006, 12:20 by the editors, 4 comments

Whereas CIOs used to have nightmares about unsecured networks and legislation that had to be complied with, today they worry mainly about staffing problems and operational incidents. In fact, CIOs hardly worry about compliance and security any more, according to a worldwide survey.

The progress in compliance and security is said to be due to all the information security projects and compliance programmes, such as Sarbanes-Oxley, that have taken place in recent years.

Still, there is real cause for concern, because only 24% of CIOs are responsible for IT governance. "This result is worrying because the board and CEOs are ultimately responsible for all important assets, including IT," says Everett Johnson of ITGI, which conducted the survey.

Comments (4)
22-03-2006, 15:03 by Anonymous
Did they ever worry about security at all?
22-03-2006, 18:34 by Anonymous
The only thing CIOs lose sleep over is whether they get their bonuses... And whether that comes at the expense of security, compliance or good staff, the bonus will be earned... The successor can clean up the mess when the CEO leaves the company again with his pockets full, in search of his next challenge.
23-03-2006, 03:57 by Anonymous
If you have your affairs in order, you never lose sleep over anything.

Because in those cases you can always shift the responsibility onto someone else. (upwards, if you have really covered yourself well)
25-03-2006, 15:22 by Constant
Sorry for the big cut and paste, but I just read at the source (the survey is on the itgi.org front page) that the survey results are considerably more nuanced and extensive than the article above.

http://www.itgi.org/AMTemplate.cfm?Section=ITGI_Research_Publications&Template=/ContentManagement/ContentDisplay.cfm&ContentID=24224

Key Findings of the Survey

1. IT is more critical to business than ever.
For 87 percent of the participants, IT is quite to very important to the delivery of the corporate strategy and vision. For 63 percent of the respondents, IT is regularly or always on the board’s agenda.

2. General managers feel more positive toward IT than IT managers do.
Compared to IT managers, general managers attach even more criticality and importance to IT. In addition, they are generally more satisfied with IT and with its strategic alignment with the business.

3. Significant differences amongst industry sectors exist.
IT/telecom and financial services appear to be better performers when it comes to IT governance, while the retail and manufacturing industries are lesser performers. These outcomes are in line with the degree of strategic importance of IT in these industry sectors.

4. IT staffing is the most important IT-related problem.
When taking into account all aspects of a problem, such as frequency of occurrence, severity of the problem and future evolution, IT staffing appears to be the most important problem in IT.

5. IT security is not the most important IT-related problem.
When taking all dimensions of the problem into account, security (and compliance) is ranked last of eight IT problem categories.

6. IT outsourcing is out.
IT outsourcing is no longer seen as the most effective measure to resolve IT problems. As business and IT have become increasingly aware of the fact that IT problems cannot be outsourced, they have tended to bring control of problematic systems back in-house.

7. Awareness of ISACA and ITGI has increased.
Awareness amongst the general IT population of the ISACA and ITGI brands has almost tripled compared to the 2003 survey.

8. Awareness of COBIT has increased.
Awareness in the general population of the existence of COBIT has increased by 50 percent since 2003, from 18 percent to 27 percent. In addition, one out of six respondents who know COBIT claims to know the contents to a great extent.

9. Sarbanes-Oxley has not created the anticipated effect.
The US Sarbanes-Oxley Act extends management responsibilities, requiring that managers proactively ensure that financial statements and other public reports are accurate and complete. This means that proper IT controls should be in place.
However, a lower than expected number—only 38 percent—of the COBIT users indicated that Sarbanes-Oxley legislation or other new accounting-related legislation or regulation was the reason to introduce COBIT in their organisation. (The survey did not distinguish between ‘old’ and ‘new’ COBIT users, which could explain the result.)

10. IT governance (and COBIT) is not as easily implemented as originally estimated.
A number of results lead to the conclusion that implementing IT governance is not as straightforward as perhaps once thought. The same conclusion can be made regarding COBIT implementation. Putting things in perspective, however, these results confirm that:
• Good IT governance practices are not built overnight; they require time and continued commitment.
• Implementing COBIT is not a matter of taking it out of the box and implementing it as written. Instead, it is a process of selecting the most appropriate elements, tailoring them as needed and applying them to the specific needs of the organisation.

11. COBIT is being used by about 10 percent of the IT population.
The current acceptance rate of COBIT—i.e., the percentage of the general IT population using one or more parts of COBIT—is now 10 percent (at least). Given the relatively large number of respondents indicating that they use an internally developed IT governance solution, it is probable that there are a number of ‘hidden’ COBIT users who have implemented portions of it in their own enterprise-specific solution.