Many organisations failing in information security efforts
A new poll of 520 chief security officers (CSOs) and senior security executives conducted by IDG's CSO magazine reveals that the majority (52 percent) of CSOs are only "somewhat confident" that their information security activities are effective with 12 percent saying they're "not very" or "not at all" confident. Only one-third of respondents characterise their security investment as being "on plan" with 45 percent playing catch up and 15 percent falling behind. Fewer than one in ten (8 percent) feel they are ahead. And 35 percent are concerned that security is “falling off their CEO's radar”. Not surprisingly, the poll shows a direct correlation between security confidence and an organisation's level of security investment. CSOs that reported being extremely or very confident in their security measures were those with the highest budgets. Incidentally, this group also boasted the lowest number of cyber crime incidents and monetary losses as a result of those incidents. CSOs on cyber crime Only 22 percent of CSOs report being free of cyber crime during the past 12 months. However, most CSOs (52 percent) still do not measure total monetary value losses sustained due to cyber crime. And less than one quarter (23 percent) report their organisation has prosecuted offenders of cyber crimes. However, most CSOs have established plans to deal with disasters or severe criminal activity. Sixty-four percent have a formal Incident Response Team in place to respond quickly and effectively to security incidences and 80 percent report someone has been assigned responsibility for physical disaster planning. CSOs on employee monitoring Underscoring their concerns about cyber crime, security executives continue to consider their own employees and other "trusted insiders" (contractors, consultants, business partners) as posing the greatest cyber security threat to their organisations. In fact, 74 percent of CSOs report security concerns are the main reason they engage in employee monitoring, followed by legal liability (59 percent) and legal compliance (47 percent). Only 24 percent named productivity as a reason for monitoring employee activity. The most common methods of employee monitoring reported are monitoring Internet connections (74 percent), background examinations (62 percent) and storage and review of e-mail messages (43 percent). Only a small percentage of CSOs report they videotape employees at work (18 percent), record and review employee telephone conversations (12 percent) and store and review voice mail messages (7 percent).
Reproduced from an article published by Continuity Central
© Continuity Central
The original article can be viewed here:
http://continuitycentral.com
Permalink Bookmark Digg this story
