September 2006 Security Survey: CIOs Need to Fill Holes in Security and Privacy Policies - ' Companies still need to '
(
Page 3 of 3 )
tighten their security policies.">
Finding 8: Companies still need to tighten their security policies.
Only four out of 14 security policies are solidly in place at three-quarters or more of our respondents' companies. And given the news reports about tapes and backup data that were lost during physical moves, it's surprising that so few companies have implemented policies to guide third parties such as drivers. Overall, there's plenty of room for improvement, and more reason to question whether IT executives have excessive faith in their security.
Research Guide:
Finding 1: Employee negligence and Microsoft vulnerabilities are considered the most significant IT-security risks
Finding 2: Almost half of large companies have been targeted by online criminals.
Finding 3: One company in six has lost equipment containing company data in the past year.
Finding 4: Confidence in IT security remains high, despite security problems.
Finding 5: Overall satisfaction with security technologies is keeping confidence levels high.
Finding 6: The adoption of comprehensive strategies is also boosting confidence.
Finding 7: Most companies still don't do enough to keep employee and customer data private.
Finding 8: Companies still need to tighten their security policies.
Read our previous surveys on IT security, privacy and risk:
September 2005: Security Relaxes as IT Threats Increase
September 2004: Security and Privacy: Do You Feel More Secure Than Last Year?
August 2003: Is Your Security Comfort Level Too High?
September 2002: Rethinking Risk
February 2002: Security 2002
October 2001: Disaster Recovery 2001
Related stories:
Trends:
Double Identity: Pressure Increases, but CIOs Still Struggle to Stop Identity Theft (September 2005)
Intellectual Security: Patent e-Engineering Security (August 2003)
Case studies
Lexis-Nexis: Ground Zero for War vs. Data Thieves (September 2005)
Ships Systems: Surviving the Storm, and the Recovery (September 2005)
Interviews and Expert Voices:
Ira Winkler: Security is Easier—And Crooks Are Dumber—Than You Think (September 2005)
Larry Ponemon, Ponemon Institute: Making Privacy Work (September 2004)
Jim Seligman, CIO, Centers for Disease Control: An Ounce of Prevention (September 2004)
Bruce Schneier, Counterpane Internet Security: How to Fight (August 2003)
Technology:
Outsourced Security: An Idea CIOs Loathe (September 2005)
Identity Management: Who are You? (September 2004)
Whiteboards:
Hugh Dubberly: The Information Loop (September 2004)
Gary Lynch and Karen Avery: How to Improve Your IT Security Policy: A Six Sigma Approach (August 2003)
Opinion:
Dan Gillmor: Customer Data May be Too Risky to Keep (September 2005)
Darwin John: Whose Data Is It, Anyway? (September 2004)
Eric Nee: Making Legitimate Business From Data Theft? (September 2005)
test
Past News 
