IT DRILLDOWN
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Public Teleconferences
Join CIO Executive Council members and participate in the following live one-hour teleconferences:

* Transforming IT Teams
September 16

* Global CIOs: How to Lead on the World Stage
September 18

* Social Responsibility's Strategic Benefits
October 29

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

 
 

Human Error Tops the List of Security Threats

Majority of companies list "human error" as root cause of security failures, well ahead of operations and technology, new Deloitte survey says.

 

February 05, 2008CIO

When it comes to security, human threats score much higher than those posed by technology. So says a new survey by consulting firm Deloitte of more than 100 technology, media and telecommunications companies worldwide. Seventy-five percent of companies listed human error as the leading cause of security failures such as breakdowns and systems outages. Forty-eight percent also cited operations and technology lapses as key causes of security failures. Problems resulting from third parties such as contractors and business partners, meanwhile, received 28 percent of the votes as a root cause of security failures.

Misbehaving employees also figure prominently in IT fears: Ninety-one percent of respondents say the risk of employee misconduct related to information systems worries them.

Another security worry is many line-of-business executives' tendency to see information security as solely IT's problem, Deloitte says. Forty percent of surveyed companies give IT the primary responsibility for information security, and 45 percent say top management is informed about security issues only on an ad hoc basis. And although 62 percent say security is a key imperative at the board or executive level, that number is low, says Deloitte, since security should be top strategic priority for every TMT company.

To mitigate these security threats, Deloitte recommends that security goals be integrated into business strategies and plans. Measuring ROI on security efforts and providing thorough and ongoing security training to all levels of the organization are also key, Deloitte advises. Training can educate employees on how to deal with the latest security threats and can serve as a reminder to stay vigilant. For more lessons on security ROI, see "How GE Uses Six Sigma to Drive Security ROI" and "Your Guide To Good-Enough Compliance."

"The technology, media and entertainment and telecommunications industries are still in a reactive mode when it comes to their approach to security," said Rena Mears, Deloitte's global and U.S. privacy and data protection leader, in a press release. "A prerequisite for effective information security is the implementation of a proactive information security strategy that is closely linked to the company's overall business strategy, business requirements, and key business drivers."

Other stories by Diann Daniel

© 2008 CXO Media Inc.
Loading...
 
 
CENTER OF EXCELLENCE
 
Security
» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.
» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.
» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.
» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.
» E-LOAN Maintains Reputation as a Privacy Leader with Symantec Data Loss Prevention Solutions
Learn how this proactive implementation of a DLP solution helps ensure E-LOAN's customer trust and loyalty.
Center sponsored by

 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Secure your virtual and physical environments with the same software.

Quest Authentication Services: Simplify Identity Management

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

Managing SSL Security in Multi-Server Environments

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Protecting Data in a Highly Networked World

How to Manage the Mobile Work Environment

Extending PCI Compliance to the Mobile Workforce

Building an Online Customer Experience Competency

Best Practices for Providing Secure and Cost-Effective Remote Access

Telepresence - A Realistic Solution Connecting a Global Workforce

Turn Information into a Competitive Advantage

How End-User Monitoring Can Help You Improve Customer Satisfaction

The PCI Data Security Standard

Proving Control of the Infrastructure

The Benefits of Data Deduplication for Data Protection in the Enterprise

Consolidation: Just the Starting Point for Virtualization

Oracle Database 11g: Real Application Testing & Manageability

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Optimizing Infrastructure Control

Effective Security with a Continuous Approach to ISO 27001 Compliance

Integrating ActiveRoles With IBM Tivoli Identity Manager 5.0

Quest Authentication and IBM Tivoli Identity Management

Top 10 Ways to Protect Against Web Threats

The Case for Business Software Assurance ~ Securing Your Applications

Configuration Audit and Control for Virtualized Environments

Getting in Compliance with Government Data Regulations

Solving Online Credit Fraud Using Device Reputation

File Integrity Monitoring: Secure Your Virtual & Physical IT Environments

Maximizing Site Visitor Trust Using Extended Validation SSL

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Strategies for Asia-Pacific Expansion

They Can't Steal What You Don't Have: Smart Security Choices for Mobile Workers

Unify and Conquer: The Benefits of Unified Communications.

Data Center Asset Planning - Regaining Control of the Data Center

HP Webcast: Transforming the Data Center

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

ITCi White Paper: Challenges and Opportunities of PCI

Destination: Intelligent Data Center Automation

Build up or Tear down? See how UC makes sense with Nortel. Calculate your UC ROI

How the Mac is Becoming an IT Standard in the Enterprise

Reap the Benefits of Unified Communications

Renowned Engineering Institution Chooses AMD Processor-Based Servers

New research validates telepresence solutions.

Configuration Assessment: Choosing the Right Solution

How to Calculate the ROI of Remote Support