Enterprises have to keep up with the latest regulations and standards to ensure they remain compliant. Noncompliance can potentially shut down the business, as in the case of failing to comply with the PCI (Payment Card Industry) security regulations. Other federal regulations affecting IT management policies, including Basel, Frank-Dodd, PII, Do Not Track, Solvency II and HITECH Meaningful Use, are set to go into effect or be updated in the next year.
Top Compliance Concerns
The ISACA survey showed 85 percent of the organizations were worried about the segregation of duties and privileged-access monitoring. Companies are trying to become more efficient in how they manage various compliance rules.
Enterprise-Based IT Management and Governance
Organizations are concerned about managing IT project risk, aligning IT strategy with the business mission, and adhering to generally accepted security and control practices.
Information Security Management
After so many well-publicized, recent data breaches and losses, as well as information leaks and data-theft Trojans, it's not surprising that organizations are concerned about information security.
Lack of Senior Management Involvement
Nearly 80 percent of the survey respondents said the lack of senior-management involvement in setting direction for information security was important or very important. If organizations don't get top-down commitment to security, IT departments won't be able to effectively protect the organization from threats.
Disaster Recovery/Business Continuity
From flooding and power outages to natural disasters and acts of terrorism, all businesses are vulnerable to disruption. Businesses have to consider what the costs and risks are, and establish a disaster-recovery plan.
Managing IT Risks
A majority of enterprises do not understand that they are also in the business of managing risk, including information risk. There is a significant lack of awareness about IT risk.
Vulnerability Management
Managing unauthorized access is becoming a priority for almost all companies. Enterprises need to enhance the security of their systems with technology to prevent and detect intrusion.
Continuous Process Improvement and Business Agility
Enterprise success depends on establishing capabilities and infrastructure to continually improve business processes and implement change. Businesses are now rethinking their development practices and automation processes.
While they didn't make the top 7, businesses are ranking cloud computing, mobile-device management, virtualization and business intelligence high on their lists of IT concerns.