Twenty-Four Seven Security« Next Wave of Security Authentication -- Follow the Money | Main | Podcast with Fortify Software: The Many Dangers of Unsecured Web Applications »
September 12, 2007It's Not the Size of the Company That Determines Security
The folks over at CIO.com have just released the results of their Global State of Information Security survey that, while noting some critical trends, have also uncovered some security truisms that have remained remarkably consistent over the five years they've been doing the survey.
And these security truisms are:
1) Companies are 10 percent happier with their security policies than with their security spending. While 85 percent said that their security policies are in-line with the business, only 75 percent felt that about their security spending.
2) Companies are more confident in their own security than their partners: 80 to 85 percent of the companies surveyed were confident in their security policies, but that number dropped down to 70 to 75 percent when the companies were asked how confident they were in their partner’s security.
3) Very few are fully confident: less than 8 percent of respondents claimed they were 100 percent compliant with their security policies.
4) Company size does not affect security spending. When measured as a percentage of the entire IT budget, it did not matter how big a company was or how many employees it had when determining it’s security spending. What mattered was the type of industry, with technology companies typically spending the most, and nonprofits and educational institutions the least.
5) Follow the money. As I blogged yesterday, banks and financial services companies are attacked the most but suffer less. And while financial institutions have reported an increase in the frequency of attacks, they have not suffered a similar increase in losses or system downtime.
All week long I'm going to remind you to sign-up for the ebizQ Security Newsletter, where you get all the security news you need to know directly into your in-box. You can do that right here.
Tag: Security Survey, Security Budget, Security Spending
Tags:
Posted by pschooff in
|
Digg This|
Add to del.icio.us
Trackback Pings
TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2303
Sadly, most IT management and C-level folks hold the erroneous notion that you have to spend more money to be more secure. They forget about policies, procedures and user education almost completely, instead relying upon technology to do their jobs for them.
I say what of actually understanding what's happening on the network and learning how the technology is being used? Hmm? All security equipment does is provide static control based upon well-defined rules. If traffic or content doesn't meet the rule is passes right through and none of these 'control' devices will tell you what they missed...It's no wonder that as spending continues to increase and technology becomes more complicated, people are completely missing the point. Oh well. One can only hope they come to their senses before the money runs out.
Posted by: Meatpieandtatters at September 26, 2007 09:08 PM
Post a comment
