Cyber Security Institute

Thursday, October 21, 2004

Survey reveals a security disconnect

A recent security survey by Ernst & Young LLP found that there is both a lack of IT security priority in the executive suite and a lack of security awareness among users.

The latter, which was rated as the top obstacle to effective information security, was not even on the radar in 2003 when “budget constraints” was the top challenge.

On a more positive note, companies confident about their information security were more likely to have security buy-in at the executive level.

Only 20% of respondents strongly agreed that information security is a CEO-level priority; 34% agreed, 25% were neutral and 20% disagreed or strongly disagreed.  For those classified as “confident respondents,” 34% said they strongly agree that data security is a CEO-level priority, while 36% agreed.

“All the CEOs say the right thing—security is important—but when you look at the stats, things like spending, [they’re] not spending like they say they will,” Kaufield said.  “That is the disconnect that still seems to be apparent.”

In fact, 61% of the respondents said IT security spending will go up in 2004, and 69% said 2005 will see more spending than 2004.

Numbers like these make Richard Reiner, CEO of FSC Internet Corp., a security solutions provider in Toronto, a tad suspicious of respondents’ truthfulness.  “I would suppose that there is still a trend for the individual to answer these questions to put a positive rather than negative face on things,” Reiner said.  But Reiner said there are organizations in Canada that do a good job with IT security—financial institutions, insurance companies and telecoms—and “probably don’t need to increase their info-sec spending.” 

He added, however, that the Canadian retail sector is a different story.  Recently he had a conversation with an executive from a “reasonable-sized” retailer who told Reiner his company had no one responsible for IT security, no IT security budget and no IT security policies.

http://www.computerworld.com/securitytopics/security/story/0,10801,96821,00.html

Posted on 10/21