StillSecure has announced the results of a recent survey that sheds light on how organisational structure affects the way companies contend with day-to-day network security challenges. The ‘2005 Security Management Survey’, conducted during June 2005, received responses from almost 900 information technology and security professionals. Survey respondents included a mix of organisations in the commercial and government sectors.
As part of the survey, StillSecure investigated whether responsibility for network security still resides within IT departments or whether it has moved elsewhere due to the increase in government regulations and issues surrounding business continuity. The survey found that 53 percent of respondents still report into the IT department (CIO, CTO), although a larger-than-expected number - 29 percent - report directly to the CEO or CFO. Only 5 percent report into corporate security (CSO, legal), and the remainder report to ‘other.’ Almost all security professionals (82 percent) are responsible for a mix of networking and security as opposed to one or the other.
The survey also found that network security is highly dispersed throughout the organisation. 34 percent have a centralised, dedicated security group, 27 percent have one or more employees working on security part-time, 21 percent have one or more employees working on security full-time, and 18 percent stated that security is a component within multiple departments.
Although there was no direct correlation between organisational structure and network security challenges, the majority of respondents (53 percent) stated that the primary inhibitor to effective network security is too many other business demands. Others said that security responsibilities are too distributed (11 percent), security is not a core component of IT (9 percent), and they are only allowed to manage specific areas of the network (8 percent).
Most organisations are adopting a layered security approach starting with the perimeter and desktop. Over 60 percent of respondents have already implemented remote access, anti-spam, anti-spyware, intrusion detection, and patch management solutions. Technologies that are currently less widely implemented (50 percent adoption rates or below) include intrusion prevention, vulnerability management, endpoint policy compliance, identity management, and SIMs (security information managers). When asked to prioritise security initiatives over the next 12-18 months, 32 percent ranked intrusion prevention (IPS) as their top priority. Intrusion detection (IDS) and patch management tied for second at 27 percent each, and anti-spyware ranked third at 23 percent.
A complete copy of StillSecure's Security Management Survey is available in PDF format at http://www.stillsecure.com/securitysurvey

• Date: 28th July 2005 • Region: UK/World • Type: Article • Topic: ISM