› Forums › Security › News (Security) › Problems With Sharing Responsibility for Security
Tagged: Governance_G12
- This topic is empty.
-
AuthorPosts
-
-
May 1, 2020 at 5:59 am #41079
#News(Security) [ via IoTGroup ]
Headings…
Problems With Sharing Responsibility for Security
Auto extracted Text……
CEOs, boards of directors, DevOps, developers — it seems like everyone is responsible for security except for actual security teams.
A new survey by Scale Venture Partners finds that 65% believe that someone in the C-suite is ultimately accountable for security.
A majority of C-level executives would be understanding and help the security team in the event of a significant security breach, but 29% of chief information security officers (CISOs) in U.K. domain name broker Nominet’s latest report also believe the employee or contractor responsible for the breach would be fired.
The latest “EY Global Information Security Survey” of senior business leaders found that there is mutual trust between security and IT teams at 80% of companies, but less than 40% can say about security’s relationship with R&D and product development teams.
Another 27% of companies get security involved in the design phase, with another 21% joining new initiatives in the build, test, or deploy stage.
Given these results, it appears that companies are at least giving lip service to security teams’ importance.
However, in that same study, from Snyk, 86% of the security-focused respondents believe security is a joint responsibility between security and “delivery” teams.
Yet another survey, this one by MongoDB, found disagreement among European developers and IT decision-makers (ITDMs) about who is most responsible for securing an application throughout its build.
ITDMs are more likely to say a security specialist they are able to identify is most responsible (28%) and less likely to say cite developers (21%).
It is worrisome that 12% of all respondents say that an unidentified security specialist is responsible — how can an unnamed, unknown team be held accountable?
If developers are doing everything right in the build phase, perhaps security vulnerabilities in software dependencies are most problematic only as production applications age and need to be maintained
Read More..
AutoTextExtraction by Working BoT using SmartNews 1.02976805238 Build 26 Aug 2019
-
-
AuthorPosts
- You must be logged in to reply to this topic.