The State of Risk-Based Security - Chapter 5: Security Controls and Spending

This chapter of the 2013 Ponemon Institute study on risk-based
security management addresses security controls and spending in
the U.S. and U.K. The nearly 2,000 respondents were first asked
to identify how well their organization accomplished the key steps
necessary to assess and prioritize security risks. It’s particularly
interesting to note that 51 percent of study respondents in the U.S.
and 49 percent in the U.K. said they have identified specific controls
at various network layers to ensure the risks were acceptable
to the business, but only 43 percent in the U.S. and 39 percent in
the U.K. said they had implemented those controls.