Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, April 05, 2010

Security spending survey finds misaligned IT security budgets

Many enterprise IT security budgets may be focused too heavily on protecting credit card data and customer personal information rather than safeguarding more valuable corporate secrets.  For most enterprises, secrets are more valuable than custodial data.  That was the conclusion of a global survey of 305 people with primary responsibility over IT security budgets, conducted by Forrester Research Inc. CISOs value company earnings and financial information the most, yet the majority of IT security spending is aimed at protecting less valuable data, according to the survey, which was commissioned by Microsoft and RSA, the security division of EMC Corp.

The survey found most security spending is driven by compliance initiatives, which focuses on protecting less valuable custodial data in the form of customer personally identifiable information and credit card numbers.

The data makes up a smaller proportion of a company’s assets, about 38%, while 62% of valuable enterprise assets typically make up corporate secrets.

“Catastrophic toxic data spills are dramatic and expensive, and they garner the most headlines…But for most enterprises, secrets are more valuable than custodial data,” according to the Forrester report, “The value of corporate secrets.”

Firms in the manufacturing, information services, professional, scientific and technical services and transportation accrue between 70% and 80% of their information portfolio value from corporate secrets.  The survey found the average cost for lost smartphone incidents was about $12,000 per incident, while lost laptops and accidental leakages cost $26,000 per incident.,289142,sid14_gci1508039,00.html?track=sy160&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+techtarget%2FSearchsecurity%2FSecurityWire+%28SearchSecurity+%3A+Security+Wire+Daily+News%29

Posted on 04/05