A recent security survey by Ernst & Young LLP found that there is both a lack of IT security priority in the executive suite and a lack of security awareness among users.<\/p>\n","protected":false},"excerpt":{"rendered":"
The latter, which was rated as the top obstacle to effective information security, was not even on the radar in 2003 when “budget constraints” was the top challenge.<\/p>\n
On a more positive note, companies confident about their information security were more likely to have security buy-in at the executive level.<\/p>\n
Only 20% of respondents strongly agreed that information security is a CEO-level priority; 34% agreed, 25% were neutral and 20% disagreed or strongly disagreed. For those classified as “confident respondents,” 34% said they strongly agree that data security is a CEO-level priority, while 36% agreed.<\/p>\n
“All the CEOs say the right thing — security is important — but when you look at the stats, things like spending, [they’re] not spending like they say they will,” Kaufield said. “That is the disconnect that still seems to be apparent.”<\/p>\n
In fact, 61% of the respondents said IT security spending will go up in 2004, and 69% said 2005 will see more spending than 2004.<\/p>\n
Numbers like these make Richard Reiner, CEO of FSC Internet Corp., a security solutions provider in Toronto, a tad suspicious of respondents’ truthfulness. “I would suppose that there is still a trend for the individual to answer these questions to put a positive rather than negative face on things,” Reiner said. But Reiner said there are organizations in Canada that do a good job with IT security — financial institutions, insurance companies and telecoms — and “probably don’t need to increase their info-sec spending.” <\/p>\n
He added, however, that the Canadian retail sector is a different story. Recently he had a conversation with an executive from a “reasonable-sized” retailer who told Reiner his company had no one responsible for IT security, no IT security budget and no IT security policies.<\/p>\n
http:\/\/www.computerworld.com\/securitytopics\/security\/story\/0,10801,96821,00.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-1776","post","type-post","status-publish","format-standard","hentry","category-statistics"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1776"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1776\/revisions"}],"predecessor-version":[{"id":4263,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1776\/revisions\/4263"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}