An annual study from enterprise software company Micro Focus has shown progress in the security maturity of organizations, but much more work remains. According to the fifth annual State of Security Operations Report 2018, there has been a 10 percent improvement in organization’s ability to meet security-related business goals. According to the study, about 25 percent of organizations assessed meet those goals.
According to the report, enterprises are starting to reap some operational benefits from their security investments, including an average 8 percent improvement within the people and processes aspects of their security program.
The Micro Focus State of Security Operations Report is based on the findings of 200 assessments of 144 discreet organizations, during the past five years, with security operations centers from 33 countries. According to Micro Focus, the report includes organizations in the public and private sectors, enterprises across industry verticals, as well as managed security service providers.
According to Micro Focus, key findings include:
“Over the last five years, we have watched organizations attempt to achieve a complete security transformation by applying Band-Aids – such as the purchase of peripheral products or dismantling of solutions – only to find poor results and poor business alignment,” Matthew Shriner, vice president, Security Professional Services for Micro Focus said in this news release.
Unlike surveys that focus on how respondents perceive their own security maturity levels (no one would overestimate themselves, would they?), the Micro Focus State of Security Operations Report is based on their Security Operations Maturity Model, which uses a five-point scale – a score of “0” is given for a complete lack of capability while a “5” is given for a capability that is consistent, repeatable, documented, measured, tracked, and continually improved upon. The ideal composite maturity score for a modern enterprise is “3.”
tags
George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.
View all postsDon’t miss out on exclusive content and exciting announcements!