Cyber Security Institute

Monday, October 03, 2005

The Global State of

A worldwide study by CIO, CSO and PricewaterhouseCoopers reveals a digital landscape ablaze, with thousands of security leaders fighting the flames. But amid the uncertainty and crisis management, there’s an oasis of strategic thinking.


Intellectual property left on a laptop that’s gone missing.
Corporate espionage rings that stretch from the United Kingdom to the Middle East and use IT to infiltrate companies.
Phishing scams by the thousands: puddle phishing, Wi-phishing, pharming.

We haven’t even mentioned good old viruses and worms, but those still work too.

To borrow from forestry parlance, information security is an escaped wildfire. And according to “The Global State of Information Security 2005,” a worldwide study by CIO, CSO and PricewaterhouseCoopers (PwC), you are the firefighters, desperately trying to outflank the fireline and prevent flare-ups and firestorms. It’s a thankless, impossible business.

In this environment, just holding your ground is a victory, and that’s what you’re doing.

This is the third annual edition of the survey—once again the largest of its kind with more than 8,200 IT and security executives responding from 63 countries on six continents. Each year the data has shown incremental improvement in the tactical battle to react to and fight off security incidents.

At the same time, the data shows a notable lack of focus on actions and strategies that could prevent these incidents in the first place.

There’s also a remarkable ambivalence among respondents about compliance with government regulations, a clear lack of risk management discipline, and a continuing inability to create actionable security intelligence out of mountains of security data.

Just 37 percent of respondents reported that they had an information security strategy—and only 24 percent of the rest say that creating one is in the plans for next year. With increasingly serious, complex, targeted and damaging threats continuously emerging, that’s not a good thing. “When you spend all that time fighting fires, you don’t even have time to come up with the new ways to build things so they don’t burn down,” says Mark Lobel, a security-focused partner with PricewaterhouseCoopers. “Right now, there’s hardly a fire code.”

Lobel compares the global state of information security to Chicago right before the great fire. “Some folks were well-protected and others weren’t,” he says, “but when the ones that weren’t protected began to burn, the ones that were protected caught fire too.”

Of course, with the survey’s thousands of pages of data and tens of thousands of data points, the overall security picture is a little more complex than “Everyone’s tactical; no one’s strategic.” Some respondents show signs of embracing a more holistic approach than others. Maybe even create a fire code so that if a cow does knock over a lantern, the whole city won’t burn.

Posted on 10/03