Home > Security Tips > Compliance Counselor > Survey: Corporate security policies
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

COMPLIANCE COUNSELOR

Survey: Corporate security policies


SearchSecurity.com
04.06.2001
Rating: -3.68- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


Here are the highlights from our Survey on Security Policies in the Workplace. This survey, which drew 174 responses, ran for the month of February.

We were surprised to learn that more than half of the respondents said they either do not have a security policy or that they are currently trying to figure out how to create one. We also thought it interesting to note that some companies do not even have a security budget at this time.

You'll also see below the breakout of the biggest security challenges. Topping the list are remote security, e-mail and viruses. The hardest part of security policies to enforce: End user awareness (which curbs stupid user tricks), passwords and e-mail.

Some demographic data that we didn't expect: Not many respondents have "security" in their job titles. Most were IT managers/directors and network/systems administrators. Also, when asked how long they had been in the security field, more than 50% said less than three years.

Actual data:


Q: How does your company handle security policies?

-Formally, with a written plan explained to all new hires = 47.1%
-Informally/word of mouth. = 30.5%
-We are trying to understand how to create/implement one = 18.4%
-We have no plans to create a security policy = 4%

Q: Rate how effective you think your written security policy is:

-Very Effective = 9.3%
-Effective = 16.9%
-Somewhat effective = 37.8%
-Not at all effective = 7.6%
-Not applicable = 28.5%

Q: Rate how effective you think your informal policy is:

-Very Effective = 2.9%
-Effective = 20.1%
-Somewhat effective = 47.7%
-Not at all effective = 12.1%
-Not applicable = 17.2%

Q: If you have a formal policy, how often is it updated?

-Monthly = 12.4%
-Annually = 28.8%
-Every few years = 15.3%
-Never = 7.1%
-Not applicable = 36.5%

Q: How often do you check for policy compliance?

-Daily = 6.9%
-Weekly = 7.5%
-Monthly = 21.8%
-Annually = 17.8%
-Never = 17.2%
-Not applicable = 28.7%

Q: What are your company's biggest security challenges? (multiple responses allowed)

-Remote security (VPNs, notebooks, PDAs, firewalls, e-mail) = 71.3%
-E-mail security = 69.4%
-Viruses/malicious code/DDoS = 64.9%
-Intrusion detection = 56.3%
-Stupid user tricks/human error = 52.9%

Q: What part of your security policy is the hardest to enforce? (open response compiled into a top five)

-Human error/stupid user mistakes
-Passwords
-E-mail viruses/attachments/virus awareness
-Enforcing the security policy
-Personal use of computers

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Compliance Counselor,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Compliance Counselor
Identity lifecycle management for security and compliance
Interpreting 'risk' in the Massachusetts data protection law
FTC Red Flags Rules: How to create an identity theft prevention plan
Creating a HIPAA employee training program
Data protection tips for corporate compliance leaders
PCI DSS compliance requirements: Ensuring data integrity
Understanding PCI DSS compliance requirements for log management
Are 'strong authentication' methods strong enough for compliance?
Strategies for using technology to enable automated compliance
Common PCI questions: Web application firewalls or source code review?

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts