The IT Employment Disconnect
|
|
|
|
|
By Ed Cone
SAP Shifts Gears
Customers should be asking what SAP's leadership change means for them.
| |
|
|
|
By Brian P. Watson
Deciphering China
The Beijing Olympics are over, but China's influence is only growing. Here's why.
| |
|
September 2006 Security Survey: It Can't Happen Here—But It Does
By Allan Alter
2006-10-03
Article Views: 1084
Article Rating: / 0
| Rate This Article: |
|
| Add This Article To: |
|
|
Most IT executives are confident in their company's security. But do they really have all the bases covered? Bad things happen to good customers. In the past few months, laptops containing Social Security numbers or customer information were stolen from the Veterans' Administration, Fidelity Investments, Ameriprise Financial and Ernst & Young. The theft of a file server at insurer AIG put a million customers' account data at risk. And organized criminals fraudulently withdrew money from personal accounts at several Massachusetts credit unions. Still, according to this year's CIO Insight Security Survey, IT executives remain confident in their security. Should they be?
Some of this month's survey results seem encouraging: Confidence in security technologies, most notably in antivirus software, remains high. Security spending has increased, although that's due as much to regulatory requirements as to security worries. And more respondents report their companies have an enterprisewide IT security strategy in place.
Still, there's evidence that CIOs could be overconfident. One in three companies reports a security breach in the past year, and one in four says it has been targeted by organized criminals. Management resistance and careless adherence to company security policies remain problems. And many companies still don't use encryption, or do not have policies in place for working with sensitive company data outside the office—policies that might have saved the VA, Fidelity and others a good deal of grief.
For IT security to work, companies must train and motivate personnel to consistently avoid risky behavior, build strong technical defenses that are quick to adapt to new threats, and ensure clear management support for both. What's worrisome is that too many companies aren't good at all three.
Research Guide:
Security Breaches Strike One in Three Companies
Finding 1: Employee negligence and Microsoft vulnerabilities are considered the most significant IT-security risks
Finding 2: Almost half of large companies have been targeted by online criminals.
Finding 3: One company in six has lost equipment containing company data in the past year.
Despite Security Problems, Confidence in IT Security Remains High
Finding 4: Confidence in IT security remains high, despite security problems.
CIOs Have High Confidence in Security Vendors
Finding 5: Overall satisfaction with security technologies is keeping confidence levels high.
Finding 6: The adoption of comprehensive strategies is also boosting confidence.
CIOs Need To Fill Holes in Security and Privacy Policies
Finding 7: Most companies still don't do enough to keep employee and customer data private.
Finding 8: Companies still need to tighten their security policies.
Additional findings from the Security Survey are in Allan Alter's Research Central blog:
Little Interest in Outsourcing Security
Is Web 2.0 a Security Threat?
The Threat of Cyberterrorism
Windows, Open Source and Security
54% Say Microsoft Software Is a Security Threat
One in Three Companies Report Security Breaches
Read our previous surveys on IT security, privacy and risk:
September 2005: Security Relaxes as IT Threats Increase
September 2004: Security and Privacy: Do You Feel More Secure Than Last Year?
August 2003: Is Your Security Comfort Level Too High?
September 2002: Rethinking Risk
February 2002: Security 2002
October 2001: Disaster Recovery 2001
Related stories:
Trends:
Field Report: Security in the World of Web 2.0 (September 2006)
The Death of Privacy (September 2006)
Intellectual Security: Patent Everything You Do, Before Someone Else Does (December 2005)
Outsourced Security: An Idea CIOs Loathe (September 2005)
Double Identity: Pressure Increases, but CIOs Still Struggle to Stop Identity Theft (September 2005)
Geekfathers: CyberCrime Mobs Revealed (Baseline May 2005)
Trust Yourself: The Business Value of Trust (September 2004)
Re-Engineering Security (August 2003)
Case studies:
Case Study: Mohegan Sun and the Future of Data Security (September 2006)
Commerce Bancorp: Online Fraud—Hired Gun Hunts Phishers (September 2006):
Security: Safe Savings for MedicAlert (June 2006)
Lexis-Nexis: Ground Zero for War vs. Data Thieves (September 2005)
Ships Systems: Surviving the Storm, and the Recovery (September 2005)
Interviews and Expert Voices:
Mike Dreyer, CIO, Visa: The Gatekeeper (September 2006)
Jeffrey M. Stanton: the Art of Employee Surveillance (September 2006)
Ira Winkler: Security is Easier—And Crooks Are Dumber—Than You Think (September 2005)
Larry Ponemon, Ponemon Institute: Making Privacy Work (September 2004)
Jim Seligman, CIO, Centers for Disease Control: An Ounce of Prevention (September 2004)
Steven Cooper, CIO, Department of Homeland Security: DHS CIO Answers Tough Questions (September 2004)
Richard Clarke, former National Coordinator for Security, Infrastructure Protection and Counterterrorism: Clear and Present Danger (August 2003)
Jonathan Zittrain, Harvard University: Diminishing Returns (August 2003)
Marc Rotenberg, Electronic Privacy Information Center: Building Big Brother (August 2003)
Bruce Schneier, Counterpane Internet Security: How to Fight (August 2003)
Paul Schoemaker, Wharton Business School: Embracing Uncertainty (September 2002)
Technology:
The Trouble With WiFi (September 2006)
Encryption 101 (September 2006)
GPS Keeps Parolees on a Short, Smart Leash (September 2006)
Enterprise Rights Management Aims Digital Rights at Sensitive Documents (May 2006)
Outsourced Security: An Idea CIOs Loathe (September 2005)
Identity Management: Who Are You? (September 2004)
Research:
Bleak Prospects for Corporate Data Center (April 2006)
Whiteboards:
Hugh Dubberly: The Information Loop (September 2004)
Gary Lynch and Karen Avery: How to Improve Your IT Security Policy: A Six Sigma Approach (August 2003)
Opinion:
Larry Downes: If It Ain't Broke... (September 2006)
Dan Gillmor: Customer Data May be Too Risky to Keep (September 2005)
Darwin John: Whose Data Is It, Anyway? (September 2004)
Eric Nee: Making Legitimate Business From Data Theft? (September 2005)
Eric Nee: Mind Your Own Business (September 2004)
|
|
 |
| FEATURED CONTENT |
HP Resource Center
HP StorageWorks Scalable NAS is highly available, scalable network-attached storage for any industry solution. To learn how you can take full advantage of fault-tolerant NAS that seamlessly scales capacity and performance, visit: http://www.hp.com/go/scalablenas
Go Now!
|
|
Sponsored by
 | |
|
| DOWNLOADABLE ROI CALCULATORS & TOOLS FROM BASELINE |
Calculate Cost and ROI of Spam, VOIP, RFID, Sarbanes-Oxley and more...
Featured Calculators:
See More Tools!
By Category| Planners |Calculators | Quizzes
|
| | |
|
|
|
Technical WHITE PAPERS essential in the decision-making process for technology buyers!
See All White Papers
| |
| Ziff Davis Enterprise Branded Conferences | |
To view the complete list of Ziff Davis Enterprise branded conferences and custom events, please click here.
| |
|
