|
 A
new poll of 520 chief security officers (CSOs) and senior security
executives conducted by IDG's CSO magazine reveals that the majority
(52 percent) of CSOs are only "somewhat confident" that
their information security activities are effective with 12 percent
saying they're "not very" or "not at all" confident.
Only one-third of respondents characterise their security investment
as being "on plan" with 45 percent playing catch up and
15 percent falling behind. Fewer than one in ten (8 percent) feel
they are ahead. And 35 percent are concerned that security is “falling
off their CEO's radar”.
Not surprisingly, the poll shows a direct correlation
between security confidence and an organisation's level of security
investment. CSOs that reported being extremely or very confident
in their security measures were those with the highest budgets.
Incidentally, this group also boasted the lowest number of cyber
crime incidents and monetary losses as a result of those incidents.
CSOs on cyber crime
Only 22 percent of CSOs report being free of cyber crime during
the past 12 months. However, most CSOs (52 percent) still do not
measure total monetary value losses sustained due to cyber crime.
And less than one quarter (23 percent) report their organisation
has prosecuted offenders of cyber crimes. However, most CSOs have
established plans to deal with disasters or severe criminal activity.
Sixty-four percent have a formal Incident Response Team in place
to respond quickly and effectively to security incidences and 80
percent report someone has been assigned responsibility for physical
disaster planning.
CSOs on employee monitoring
Underscoring their concerns about cyber crime, security executives
continue to consider their own employees and other "trusted
insiders" (contractors, consultants, business partners) as
posing the greatest cyber security threat to their organisations.
In fact, 74 percent of CSOs report security concerns are the main
reason they engage in employee monitoring, followed by legal liability
(59 percent) and legal compliance (47 percent). Only 24 percent
named productivity as a reason for monitoring employee activity.
The most common methods of employee monitoring reported are monitoring
Internet connections (74 percent), background examinations (62 percent)
and storage and review of e-mail messages (43 percent). Only a small
percentage of CSOs report they videotape employees at work (18 percent),
record and review employee telephone conversations (12 percent)
and store and review voice mail messages (7 percent).
www.idg.com
•Date:
27th January 2004 •Region: N.America •Type:
Article •Topic:
ISM
Rate
this article or make a comment - click
here
|
