Security News > 2020 > September > CISOs struggling to prep for security audits
CISOs are tasked with preparing for more than three audits on average in the next 6-12 months, but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes.
"This survey clearly shows that CISOs at major companies are caught between a rock and hard place when it comes to security and compliance audits over the second half of 2020 and want automated tools to help dig them out. Unfortunately, they're simply not able to find them," said Scott Schwan, Shujinko CEO. "Teams are cobbling together scripts, shared spreadsheets, ticketing systems and a hodgepodge of other applications to try to manage, resulting in inefficiency, lengthy preparation and limited visibility. More than two-thirds of CISOs are looking for something better."
Despite changes in the economic climate due to COVID-19, CISOs are still tasked with preparing for more than three upcoming compliance audits across multiple security frameworks.
Most common audits are for HITRUST, HIPAA and PCI DSS. 51% of CISOs surveyed indicated they are preparing for a HITRUST audit in the next six to twelve months, 45% are preparing for HIPAA, 43% for PCI DSS, 41% for CCPA and 36% for an internal audit.
No CISOs reported having a security audit preparation tool that they are completely satisfied with.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/sz7SGItjppg/
Related news
- AI’s rapid growth puts pressure on CISOs to adapt to new security risks (source)
- OWASP dep-scan: Open-source security and risk audit tool (source)
- CISOs pursuing AI readiness should start by updating the org’s email security policy (source)
- Security and privacy strategies for CISOs in a mobile-first world (source)