
Ernst And Young Release Annual Security Survey



Dan Morrill
Contributing Writer
2006-11-20



Ernst and Young have released their annual security survey, and the findings are in line with other similar surveys this year.

The survey shows more focus on security, both network-based and paper-based, with a shifting focus from the outsider to the insider. It looks like it is time to stop relying on the hard crunchy outer shell and start taking a holistic view of the entire security food chain.

Ernst and Young findings:

Companies face a number of top priorities in integrating information security, especially with regard to compliance, privacy, and personal data. (Editor's note: fixed multiple typos in the quoted material.)

Top Priorities:

• Integrating information security with the organisation: embedding information security into the mainstream of the business with increased visibility and resources.

• Extending the impact of compliance: shifting attitudes from compliance as a distraction to being an enabler, bringing advances in risk-based security for organizations.

• Managing the risk of third party relationships: recognizing the challenges, issues and actions needed to manage the risks with global suppliers and outsourced partners.

• Focusing on privacy and personal data protection: taking a proactive and comprehensive approach to mitigating the risks related to privacy and personal data protection.

• Designing and building information security: using externally imposed compliance deadlines and security incidents as a catalyst for proactive investments in stronger capabilities and defenses.

Other Findings:

These were more interesting than the top priorities: along with slow, steady progress, the new laws and rules of the last 4 years are really starting to have a positive impact on the industry as a whole.

• 43% of respondents, compared with 40% in 2005, say information security is integrated with their organizations' risk management programs and processes.

• This year's survey suggests that companies' information security policies, roles and responsibilities are not only reasonably well-developed, but are also more clearly and effectively communicated and understood by employees.

• Increasingly information security outsourcing is a topic for discussion of corporate outsourcing and is being driven in part by the limited availability of experienced and well-trained security practitioners.

• More than half of survey participants confirm that their compliance work is part of an integrated organisation-wide compliance effort and risk management framework.

• Over the next year, after working on compliance and privacy, more survey participants say they will be working proactively to help their organizations meet global business objectives.

• Nearly 80% of survey respondents have identified and prioritized critical business processes as part of their business continuity plans; three quarters of them have undertaken an IT risk assessment in developing their plans.

• Nearly half of information security executives say they have adopted or plan to adopt an information security standard.

In comparison, Computer World is running this:

"There has been a lot of spending on network security, but the perception is there is not a lot of risk in that area," says Forrester senior analyst Tim Sheedy. "But there is very little spending around insider abuse, social engineering or even paper theft, which are major risks to the organization."

Sheedy claims that in a few years IT security will be measured much like other business metrics. Businesses will be able to factor in the actual information security risk, based on factors such as employee behavior, system readiness and the financial ramifications of employees who expose an organization's most sensitive information -- either willingly or by accident. (Computer World)

Given the view that businesses will start collecting and using security metrics to determine effectiveness, the Ernst and Young survey shows that this process has at least started, and in some companies is well under way.


About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
