Conclusion 05

By Terry Kirkpatrick  |  Posted 02-01-2002 Print Email

Conclusion 05: Response to Sept. 11

Activity since Sept. 11 seems to have focused mostly on improving employee training and enforcing existing security procedures rather than on creating new ones. But when it comes to cyberterrorism—the threat of malicious attacks against IT resources—CIOs can be seen, at best, as moderately concerned.

CIOs have clearly been active since Sept. 11. When asked what changes they've made in security procedures since that date, 62% of all respondents said they are more stringently enforcing existing procedures. Half have focused on better employee training, and 35% have either begun or implemented a new security plan. But only 14% are screening IT personnel more thoroughly, and 3% created the role of chief security officer.

Cyberterrorism is a concern for IT executives, but not a very high one—it rated a mean of 6.2 on a scale of 1 to 10. That may be due to the fact that Sept. 11 was much more about physical rather than digital terrorism.

Only 4% of the companies that have performed a formal security risk assessment claim that Sept. 11 spurred the most recent assessment.


Submit a Comment

Loading Comments...