PwC GSISS 2016: 91% of experts follow a risk-based approach to information security

ISO 27001 one of the two most frequently implemented guidelines in the world

PwC’s newly released Global State of Information Security ® Survey 2016 report is “based on [the] responses of more than 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs, and directors of IT and security practices from 127 countries.” The vast majority of those respondents – some 91% – recognize that an “effective cybersecurity program starts with a strategy and a foundation based on risks” and “have adopted a [risk-based] security framework, or more often an amalgam of frameworks — often with very productive results.”

The report continues:

“The two most frequently implemented guidelines are ISO 27001 and the US National Institute of Standards and Technology (NIST) Cybersecurity Framework. These guidelines enable organizations to identify and prioritize risks, gauge the maturity of their cybersecurity practices and better communicate internally and externally.

“Risk-based frameworks also can help businesses design, measure and monitor goals toward an improved cybersecurity program that centers around the safety and security of client and organizational information.”

Benefits of security frameworks such as ISO 27001

According to PwC’s 10,000 respondents, a risk-based approach such as the international information security management standard ISO 27001 offers organizations the following benefits:

  • Better able to identify and prioritize security risks (49%)
  • Better able to quickly detect and mitigate security incidents (47%)
  • Sensitive data is more secure (45%)
  • Better understand security gaps and how to improve them (37%)
  • Improved internal and external collaboration and communications (32%)

Free ISO 27001 guidance

Responsible organizations that want to emulate those thousands of experts and implement an ISO 27001-compliant information security management system (ISMS) can find further information about the Standard here.

ISO 27001 implementation solutions

Priced from only $659, IT Governance’s ISO 27001 Packaged Solutions provide unique information security implementation resources for all organizations, whatever their size, budget, or preferred project approach. Combining standards, tools, books, training, and online consultancy and support, they allow all organizations to implement an ISMS with the minimum of disruption and difficulty.

ISO 27001 provides an enterprise-wide approach to protecting information – in whatever form it is held – based on the specific threats the organization actually faces, enabling organizations of all sizes, sectors, and locations to mitigate the risks they face with appropriate controls.
