Interview: IT Controls Benchmark Survey Results - Gene Kim, IT Process Institute
David Geer recently spoke with Gene Kim, CTO of Tripwire and co-founder of the IT Process Institute, an independent research organization that exists to support the membership of IT audit, security, and operations professionals. Following is an edited transcript of that conversation. You may also listen to the original interview here, or visit our Podcast Center for more audio interviews.
Hello, I'm David Geer, and we're talking with Gene Kim about the IT Controls Benchmark survey conducted by Kim and researchers from Carnegie Mellon, Florida State, and the University of Oregon, and published by the Institute. For this survey, 98 respondents from a wide range of company sizes and industries were queried with 97 questions related to IT controls. Forty-three percent of respondents were directors, vice presidents, or C-level managers. The purpose of the survey was to demonstrate how IT organizations can begin to move from good to great in handling IT control issues.
David Geer: In general, why is this survey important?
Gene Kim: This survey is important because I think we're starting to test the medication that we're doling out. In the manufacturing world, there was a big breakthrough in the decision sciences around automotive manufacturing when the lean manufacturing researchers out of MIT basically benchmarked every major automotive manufacturing plant in the world and they found out, wow, high performance exists. They have one-half the floor space, one-half the defects, one-half the inventory, one-half the cycle time, and they've called these the high performers. And they went out and captured and codified what they did. And so what the IT Controls Performance Study is all about is really trying to replicate that same methodology and figure out what is it exactly that the high-performing IT organizations are doing, and figure out more specifically what is it that the medium and low performers aren't doing that's keeping them from being high performers.
Geer: The two top controls in this survey that were most universally present in the high performers and yet virtually absent in everyone else, including 87% of the rest of the respondents, were monitoring systems for unauthorized changes and having defined consequences for intentional unauthorized changes. What surprised you about these results, Gene?
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
