Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Key Security Initiatives Abound

Editor's Desk: Everything Goes

According to the Information Security/ Priorities 2008 survey, you'll be spending more time on...well, you name it.

Information Security's fourth annual Priorities survey drew record participation from readers--more than 1,100 of you responded--and one thing came through loud and clear: More initiatives and responsibilities are being put on your plate and nothing seems to be coming off.

When we asked about key initiatives such as endpoint security, vulnerability management, compliance, identity management and the like, 80 percent responded they will be spending equal or more time on such matters. While these findings show that indeed you will be busy in 2008, they also show the importance and influence of your role in the organization. In fact, 67 percent say their job is going to be more strategic in 2008.

Today many CISOs and CSOs are far more involved in risk management and regulatory compliance issues, moving away from technology responsibilities. Seventy-five percent of those surveyed say they will be spending more time on compliance in 2008, working to continuously improve compliance processes.

Other results of note: Endpoint security and network access control are gaining ground in organizations; 69 percent of those surveyed say it is important for 2008. For the last 18 months NAC has been about marketing hype with Microsoft, Cisco and other vendors evangelizing the rewards of the technology. It appears that in 2008 we'll start to see some deployments and will be able to assess its success.

Speaking of Microsoft and Cisco, we asked our readers what they thought of these vendors and the results were telling. While Microsoft has made inroads with its Trustworthy Computing initiative, the company still needs to win the hearts and minds of security professionals. Only 23 percent think that Microsoft has strong security. When asked the same question about Cisco, 60 percent responded positively. Still the large vendors have a leg up on some of the smaller vendors as 58 percent of users are reticent to work with smaller vendors.

We also saw some interesting results when it comes to technology deployments. Enterprise single sign-on is picking up steam with 47 percent saying they will evaluate or implement eSSO in 2008. Conversely, federated identity management has lackluster interest with more than half of those responding saying they weren't going to do anything with it in 2008.

Data protection continues to be a front-and-center concern as data breaches expose vulnerabilities and regulations demand action. Sixty-six percent say database security is either important or very important, followed by data leakage at 56 percent and intellectual property protection at 52 percent. And as attackers focus on applications, 59 percent say secure coding practices are important or very important. Meanwhile, there appears to be widespread adoption of all sorts of encryption in organizations today.

We hope you find these results informative as you embark on security projects for 2008.

We're pleased to announce we have launched two new security sites as part of our editorial portfolio. While we have Information Security translated into several languages, and published in more than a half-dozen countries, we are expanding our international offerings with This site will address the specific regulatory and technical needs of the U.K. audience. We have also launched, where we will provide very specific and more targeted security information for information security professionals in the financial services market.

Article 15 of 16

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All