Professional services company Ernst & Young (E&Y) recently released the findings of its tenth yearly Global Information Security Survey (GISS), which show that technology is no longer the priority concern for companies. Instead, organizations are more concerned about how to align, drive, manage and staff information security initiatives, says Michael Heaney, manager of technology and security risk services.
The annual survey, which is based on interviews with executives from around 1300 organizations, found that nearly one-third (32 percent) of firms' infosecurity teams never meet with their board, and over a quarter admit they are not reporting to business leaders on information security compliance or incidents.
The survey found that monthly meetings are three times more likely to take place between information security and IT than with corporate officers.
But the survey's findings were not all bad news. It found that information security is becoming more integrated into the overall risk management of companies, with four out of five (82 percent) respondents reporting at least some level of integration.
The share of organizations that have fully integrated information security into their overall risk management approach has nearly doubled since last year, from 15 percent to 29 percent. “Meeting business objectives has been a growing focus for information security for several years; however, in today's market, organisations are looking to ensure information security is now more integrated into overall risk management process,” said Heaney.
The research also found 58 percent of respondents were driven by a need for privacy and data protection, compared with last year's 41 percent.
But the survey found the greatest challenge to delivering information security projects was the availability of experienced and trained resources. Around 51 percent of respondents locally and internationally said that trained IT personnel were scarce.
To overcome this problem, Ernst & Young advised firms to be more formal about identifying skills gaps and putting appropriate training programs in place, as they do for other areas of the business. The firm added that co-sourcing is increasingly being seen as a partial solution to this problem.
This year's survey also found that 78 percent (an increase of 12 percent from 2006) of organizations require third parties, vendors or business parties to abide by their information security policies, procedures and standards.