US boardrooms wake up to data security, says this article by Antony Savvas in this ComputerworldUK article based on a survey of 11,000 public company directors and 2000 general counsels who rank data security as their top corporate fear.

In the fog of war, intelligence is limited, ever subject to the enemy's feints and disinformation, doomed to deliver a murky picture that can rarely provide, from the inevitably large amounts of diverse data, a cogent view capable of leading to better decisions and final victory.

For a CIO/CISO to provide leadership, he/she needs a clear vision of the enterprise’s security posture and the ability to communicate its relevance to the board of directors. CISOs must ensure that every security project maps back to the company’s strategic business objectives. They have to be rigorous when making decisions about the information security investments they have to authorize and support. Enterprise security developments require superior planning, communication and leadership abilities.

Essential features of information security assets and activities:

The Carnegie Mellon Governance of Enterprise Security: CyLab 2012 reportrevealed that less than two-thirds of the respondents’ organizations have full-time personnel in the key roles for privacy and security (CISO/CSO, CPO, CRO). Respondents across all industry sectors are not assigning key privacy and security responsibilities to defined executive roles, such as CISO/CSO, CPO, or CSO, with reporting lines that avoid segregation of duties issues.