Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, October 28, 2008

Cisco Study: IT Security Policies Unfair

Unfair policies prompt most employees to break company IT security rules, and that could lead to lost customer data, a Cisco study found.  The first part dealt with common employee data leakage risks and the potential impact on the collaborative workforce.  More than half of the employees surveyed admitted that they do not always adhere to corporate security polices.  Of the IT respondents who dealt with employee policy violations, one in five reported that incidents resulted in lost customer data, according to the Cisco study.

The surveys were conducted of more than 2,000 employees and IT professionals in 10 countries: the United States, the United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil.

The study found that the majority of employees believe their companies’ IT security policies are unfair.  Indeed, surveyed employees said the top reason for non-compliance is the belief that policies do not align with the reality of what they need to do their jobs, according to Cisco.

The study found that the majority of employees in eight of 10 countries felt their company’s policies were unfair.  Only employees in Germany and the United States did not agree.  IT believes employees defy policies for a variety of reasons, from failing to grasp the magnitude of security risks to apathy; employees say they break them because they do not align with the ability to do their jobs.  The largest gaps—31%—were in the United States, Brazil and Italy.

Posted on 10/28