IT DRILLDOWN
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion
 CIO Consumer IT
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
 * Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
 * Managing Change: Centralizing Your IT Organization
 July 29

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
BONUS LINKS
 
Database Security
Sentrigo is the leader in database security, auditing and protection.
 
 
News Feature
 

The Global State of Information Security 2005

 

September 15, 2005CIO

Every day it’s something else.

Millions of personally identifiable records stolen.

Intellectual property left on a laptop that’s gone missing.

Corporate espionage rings that stretch from the United Kingdom to the Middle East and use IT to infiltrate companies.

Phishing scams by the thousands: puddle phishing, Wi-phishing, pharming.

Then there’s spam and spyware, zombie networks, DDoS (distributed denial-of-service) attacks and session hijacking. Online auction fraud. Online extortion. We haven’t even mentioned good old viruses and worms, but those still work too.

To borrow from forestry parlance, information security is an escaped wildfire. And according to “The Global State of Information Security 2005,” a worldwide study by CIO and PricewaterhouseCoopers (PWC), you are the firefighters, desperately trying to outflank the fireline and prevent flare-ups and firestorms. It’s a thankless, impossible business.

In this environment, just holding your ground is a victory, and that’s what you’re doing. This is the third annual edition of the survey—once again the largest of its kind with more than 8,200 IT and security executives responding from 63 countries on six continents. Each year the data has shown incremental improvement in the tactical battle to react to and fight off security incidents.

At the same time, the data shows a notable lack of focus on actions and strategies that could prevent these incidents in the first place. There’s also a remarkable ambivalence among respondents about compliance with government regulations, a clear lack of risk management discipline, and a continuing inability to create actionable security intelligence out of mountains of security data.

Just 37 percent of respondents reported that they had an information security strategy—and only 24 percent of the rest say that creating one is in the plans for next year. With increasingly serious, complex, targeted and damaging threats continuously emerging, that’s not a good thing.

“When you spend all that time fighting fires, you don’t even have time to come up with the new ways to build things so they don’t burn down,” says Mark Lobel, a security-focused partner with PricewaterhouseCoopers. “Right now, there’s hardly a fire code.” Lobel compares the global state of information security to Chicago right before the great fire. “Some folks were well-protected and others weren’t,” he says, but when the ones that weren’t protected began to burn, the ones that were protected caught fire too.

Of course, with the survey’s thousands of pages of data and tens of thousands of data points, the overall security picture is a little more complex than “Everyone’s tactical; no one’s strategic.” Some respondents show signs of embracing a more holistic approach than others. So we’ll delve into one industry sector—financial services—as a best practices group that, while still struggling to put out fires, has devoted more time, resources and strategic thinking to its information security posture than the average respondent. We’ll also highlight some other encouraging numbers that suggest that more companies than ever are laying the groundwork for a more strategic information security department.
Loading...
 
 
CENTER OF EXCELLENCE
 
Security
» New 2008 Report: Outbound Email and Data Loss Prevention in Today's Enterprise
Read the statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, mobile Internet-connected devices and more.
» Regulations Shift Focus on Outbound Email Security
Find out more about the impact of data protection regulations and standards such as HIPAA, PCI, and PIIG, which place new constraints on data.
» Messaging Security Goes Virtual
Learn how virtual appliances can eliminate "appliance overload" by combining the advantages of hardware appliances and virtualization technology.
» Encryption Made Easy: The Advantages of Identity Based Encryption
Find out why email encyrption is critical to an organization's overall security architecture and the advantages of identity-based encryption over traditional approaches.
» The Great Email Security Debate: Appliances, SaaS, or Virtual?
Hear how you can keep your messaging infrastructure safe from spam and viruses, or prevent leaks of your organization's most valuable data.
Center sponsored by

 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Building an Online Customer Experience Competency

They Cant Steal What You Don't Have: Smart Security Choices for Mobile Workers

The Great Email Security Debate: Appliances, SaaS, or Virtual?

Messaging Security Goes Virtual

Outbound Email and Data Loss Prevention in Today's Enterprise

How to Manage the Mobile Work Environment

How to simplify mobility and reduce the cost of supporting mobile workers

Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response

Cisco IT eSummit: View 30-minute webinars, technical demos and case studies

Technologies of ETERNUS VS900 Storage Virtualization Switch

New research validates telepresence solutions.

Configuration Assessment: Choosing the Right Solution

How to Calculate the ROI of Remote Support

31 Best Practices for the Service Desk

Webcast: Building an Optimized Infrastructure

Juniper Networks is changing the economics of networking with a no-compromise, highperformance and service-oriented approach

Research about the efficiencies created by different operating systems.

Unified Communications Software: The Death of VoIP?

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Seeing is Believing: The Value of Video Collaboration

Getting Network Management Right: A Gartner IT briefing

Oracle Database 11g: Real Application Testing & Manageability

Sheriff's Office Uses PocketCop to Access Police Databases from BlackBerry® Smartphones

The BlackBerry Solution Adds Significant Benefit to Toshiba

The New Foundation of Storage: Xiotech's Intelligent Storage Element

Best Practices for Providing Secure and Cost-Effective Remote Access

How to Offer the Strongest SSL Encryption

The Advantages of Identity Based Encryption

Regulations Shift Focus on Outbound Email Security

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get Control of Mobile Data (and More)

Mitigating Risk with Security Assessments

Webcast: Best practices in application security: How do you stack up?

Using Oracle Database 10g Automatic Storage Management with Fujitsu Storage

High-Speed Backups without Stopping Business Applications

Optimizing Infrastructure Control

Effective Security with a Continuous Approach to ISO 27001 Compliance

How Does Your IT Help Desk Measure Up?

Webcast: Achieving business alignment and agility with the right capabilities framework

White Paper: Juniper Networks Ethernet Switching Solutions Reduce Operational IT Expenses

Webcast: Learn why companies must invest in an agile network infrastructure

White Paper: Businesses Thrive by Unifying Business Communications

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

Renowned Engineering Institution Chooses AMD Processor-Based Servers

High-Definition: The Evolution of Video Conferencing

Unify and Conquer: The Benefits of Unified Communications.

Key challenges facing today's IT service and support

Heinz Uses a Wireless, Automated, Auditing process on BlackBerry® devices

Webcast: Solutions to the Toughest IT Challenges in Remote Offices

Extending PCI Compliance to the Mobile Workforce