“The development of a security policy has
always been the cornerstone of ensuring effective security
practices,” explained Jackie Hyde, an Information Security
Analyst at Datapro Information Services Group in the United Kingdom.
“When companies operate without a security policy, their entire
security program becomes suspect.”
“Too many organizations take a reactive rather
than proactive approach to security,” added Rebecca Duncan, Information
Security Analyst based in Datapro’s worldwide headquarters in
Delran, New Jersey. “This is particularly evident with electronic
commerce. Many organizations are scrambling to sell their products and
services over the Internet. Yet only 15% of the survey respondents use
encryption, a core element of secure electronic commerce.”
Even for those US companies that do employ
encryption, determining what methodologies to use—and which are
permitted by the Federal government—can be confusing. “On
October 1, the White House bowed to pressure from the computer industry
and announced it would permit US companies to export products using
56-bit keys to countries outside North America,” said Duncan.
“Previously, only 40-bit keys were permitted. This is
significant, because it restores the ability of US companies to compete
in the global software marketplace and should hasten the introduction
of products that enable secure electronic commerce.”
Security Survey Highlights
The survey revealed a number of international trends and issues of concern to IT executives:
- Overall, the majority of security practitioners plan to spend less than 5% of their IT budgets on security.
- Although 68% of survey respondents report being concerned about security threats posed by Internet access, only 15% use encryption and only 28% use firewalls.
- IT executives in the US and Canada are relatively untroubled by computer viruses and malicious code, with 52% and 44% respectively viewing them as a primary security threat. Computer viruses and malicious code were perceived as most threatening in the Asia/Pacific region (66%), Latin America (61%), and Europe (60%).
- Theft of computer equipment is most rampant in Europe, with 52% reporting incidents during the previous 12 months. Far fewer incidents were reported in Canada (28%), the US (25%), Latin America (23%), and the Asia/Pacific region (17%).
- While IT executives from all regions overwhelmingly acknowledge the critical importance of developing and maintaining a disaster recovery plan, most fail to do so. Of those surveyed, only 10% (Latin America), 19% (Asia/Pacific region), 26% (Europe), 43% (US), and 49% (Canada) have a disaster recovery plan in place.
Survey Methodology
Datapro conducted the Computer Security Issues
Survey in April 1996. The survey questionnaire was mailed to 11,000
security professionals in the US, Canada, Central and South America,
Europe, and the Asia/Pacific region. A total of 1,342 valid responses
(approximately 12%) were received. The survey asked recipients to
provide information on the size and complexity of their installations,
their use of security policies, their main areas of concern, security
incidents experienced, and security measures implemented.
Report Availability
The survey report is included in the October issue
of Datapro’s Information Security Service. The report can also be
purchased for $250 by contacting Lucinda Washington, Reprints Manager,
at Datapro Information Services Group in Delran, NJ: 609.764.0100
x2897. Customized reports and tabular data are also available.
About Datapro
Datapro Information Services Group, a division of
The McGraw-Hill Companies, provides timely and accurate information and
analysis on the full spectrum of IT products, vendors, technologies and
markets. Drawing on the strength of an international staff of
researchers and analysts, Datapro has been relied on by thousands of
organizations and consulting firms for more than 28 years. Visit
Datapro’s home page at http://www.datapro.com.