Gov. Regulations Cut Into Time, But Result In Safer Networks
SecurityProNews Staff Writer
2004-12-22
A new survey of computer security professionals reveals that while many of them believe that the time they need to comply with increased government regulations has cut into their ability to secure their computer networks, they also admit that those networks are safer as a result.
Yet, almost one in five said they would be willing to leave their networks unprotected on an around-the-clock basis, preferring to accept the risks to their networks and to the information contained on them.
The 2005 IT Security Management Survey, conducted during November by RedSiren, received responses from more than 300 information technology and security professionals working at a wide range of companies in the public, private and government sectors.
Two-thirds of those who took part in the survey acknowledged that the wide range of government regulations, such as Sarbanes-Oxley, HIPAA, and GLBA, has affected their company's handling of IT security issues. Among those affected, 62% said they now spend more time complying with those regulations, and less time on activities actually protecting their networks; more than 38% said those regulations have caused them to either divert or delay new IT security projects. But a large majority (66%) acknowledged that compliance with those regulations has, in fact, made their networks more secure.
More than 19% of the respondents admitted that they were willing to "assume the risk," rather than protect their networks around the clock once patch management and incident response products, although not perfect, become more automated. RedSiren's analysis behind the responses showed that small- and mid-sized government agencies and medical practices were more likely to answer this way.
"This shows a clear disconnect among the very people who need to be thinking proactively about how to best protect their networks and the information that resides on them," said Nick Brigman, RedSiren's vice president of product strategy. "On one hand, they know that the government's rules are making them move in one direction. But on the other hand, a surprising number are willing to leave things to chance."
"They may feel they're small and would be overlooked by potential attackers," Brigman continued. "Our experience with clients worldwide shows precisely the opposite: that attackers are looking for any outlet to gain control, regardless of size. At best, these people may be deluding themselves into a false sense of security. At worst, they're taking a dangerous risk."
To bring more value and perspective to readers of the survey, RedSiren asked security market analysts at Current Analysis and the security practice leader of Baker & McKenzie LLP to provide a sanitized, independent and in-depth review of the results.
"The survey results provide strong evidence for the fact that information security is no longer just a technical issue for the IT department - it has clearly become a legal issue for most businesses as well," said Thomas Smedinghoff, with Baker & McKenzie LLP, who focuses on emerging legal issues relating to e-business, electronic transactions, information security, and privacy, as well as information technology, and intellectual property.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.