Need answer. Thank you.

Transcribed Image Text:

With blending IT expertise with a non-IT perspective, how can the organizations enhance overall information security effectiveness?

Transcribed Image Text:

According to a global information security survey by the giant E&Y in 2010, in 46% of cases firms have reported an increase in investment in information security. The report also indicates that 60% interviewees feel that the use of cloud computing, smartphones, social media and other personal gadgets have posed a higher risk to information security. However, a firm must keep a proper mix of managerial, behavioral and technical aspects of information security to overcome the data risk challenges. Organizations have substantially improved information security programs to address accelerating threats. They have added new features to their information security systems, redefined strategies, installed new information security function components and added more people. These step-by-step adjustments have undoubtedly improved information security capabilities. It just hasn't improved them enough. Traditionally, IT departments do not have a formal risk landscape or assessment mechanism something that is fundamental to the risk function. This may explain why 52% of organizations do not have a threat intelligence program currently in place. Without a disciplined approach to researching and monitoring threat intelligence, the IT function is not only unable to proactively address current threats; it also has no way of anticipating the threats that are lurking just around the corner. This only reemphasizes the gap. It's a familiar refrain, particularly in today's era of economic volatility and spending restraint: too much work, not enough resources. But a lack of resources only tells part of the story. Information security doesn't just need more resources; it needs people with the right skills and training to meet rapidly evolving changes in the information security landscape. The article above demonstrates the trend and survey of information security from Year 2010 to Year 2012 by E&Y. Based on your opinion, discuss the followings with justification: