Survey finds limited progress on IT security measurement and reporting

According to a new Preventsys survey of 385 IT executives on IT security measurement, 58 percent of respondents indicate that they measure security through manual reporting, relying on spreadsheets and e-mail to track, report and share information. A mere 4 percent have an entirely automated process for security reporting, while the remainder used a mixed approach.

Only 10 percent of IT security executives claim that their company’s security measurement practices are ‘very effective’, while 15 percent admit they are ‘ineffective’ and more than a third, 36 percent, ‘don’t know.’ 39 percent claim their practices are ‘effective.’

When it comes time to present security metrics and reports to the executive team, 58 percent of respondents do so only when asked, followed by 18 percent reporting monthly, 14 percent weekly and 10 percent reporting just four times per year.

“Given the difficulty of accurately collecting, correlating, normalising and generating these reports, it is no wonder that reporting is not yet a routine part of the proactive risk management process in most organisations. However, the demand for this type of operational and strategic information will only increase in frequency,” said Patrick Harr, chief executive officer for Preventsys.

•Date: 15th Nov 2005 • Region: US/World • Type: Article •Topic: ISM
Rate this article or make a comment - click here