IANS: Security Teams in Decentralized Organizations Have Limited Power to Impose Policies, Standards, and Practices

BOSTON, MA (December 23, 2008) — IANS, a leading research company focused exclusively on the fields of information security, regulatory compliance, and IT risk management, identifies key themes distilled from its San Francisco Security Forum held December 2-3, 2008 in San Francisco, Calif.

The two-day gathering of IT security managers, directors and C-level executives, and 13 security solution providers allowed for intense debate and conversation that centered on five topics:

• Financial viability of security vendor companies due to economic downturn and consolidation in the security space a greater concern than at any other Forum this year
• No single security concern overriding buyers’ purchase decisions – virtualization, securing the cloud, security in the cloud (software as a service) are all highly and equally important currently
• Demand for vendor participation in helping to craft compelling and measurable ROI to support purchasing – internally communication for security leaders is now focused on cases, interpretation, and defense
• New threat landscapes confronting security teams include Google applications, corporate Wikis, voice over IP (VoIP), and mobile devices
• Data loss prevention (DLP) maturation now includes content filtering and monitoring

Relative to Forums recently held in New York and Boston, where centralized companies, such as financial service organizations with strong command and control over security issues, dominated the attendance, the San Francisco event included a strong mix of security solution providers. While the San Francisco audience was highly sophisticated in terms of IT security, many of the attendees came from decentralized organizations where security teams historically hold less power to impose policies, standards, and practices.

“Comparing findings from the attending delegates and the assessments made by the IANS Faculty Members from many of the Forums held throughout the year, IANS continues to see clear differences in information technology needs across geographies in the United States,” said Jack Phillips, CEO and co-founder, IANS. “Many of these variations are due to the disparity in organizational maturation and demands of specific market sectors.”

IANS’ Forums in Detail
Held 6 times throughout the year in as many cities, the IANS Information Security Forums draw close to 200 delegates – all practicing security professionals – from nearly 100 distinct organizations, and 20 security solution providers across a variety of product categories to engage in insightful discussions about the tactics, theories and real-life experiences facing organizations throughout the region.

The unique structure of the events allows attendees to learn tactics and theories by sharing real-life experiences among peers, networking with Faculty members, and learning about early developments from security technology solutions providers. During these peer-based, CEP-accredited events a case study methodology allows IT security practitioners to engage in innovative, thought-provoking, and insightful discussions.

Discussions centered on the following topics & technologies:

• Data Loss Prevention
• Advanced Malware and Sophisticated Adversaries
• Security event and information management
• Execution Control
• Regulatory Compliance
• The future of the IT Security profession

Briefings fell across the following tracks:

• Information-centric protection
• Application and software security
• Incident response and forensics
• Identity & access management
• Network Security
• Evolution to risk management
• Security leadership

IANS’ exclusive partnership with (ISC)2 allowed 53 holders of the CISSP credential to receive 16 continuing educations hours for the two-day event.

MEDIA: Members of the media interested in receiving the complete summary of findings can contact press@iansresearch.com and provide their full contact information. Once finalized, the full report will be sent via email.