Security is very old in most respects, yet very young in others. As a corporate discipline, security unfortunately languished for years in the basement. Today, as organizations come to grips with a wide swath of risks, the 2010 State of the CSO survey shows those organizations are rapidly adopting more sophisticated view of security. Of course, there's more work to be done--most prominently in the areas of security metrics and awareness programs.
Let's look at the numbers.

1. How well does each statement describe your organization? (Percent who agree or strongly agree with each statement.)

Take a moment to reflect on the enormous progress reflected in the chart above.

Six years ago, respondents reported a generally low regard for security risk management within their companies. Policies were not defined. Security leaders were sidelined. Training was minimal.

The link for this article located at Network World is no longer available.