Information Security Survey Benchmarks IT Security Trends And Practices By Company Size

Available Now, Survey Finds Large Organizations At Greatest Risk; Organizational Dynamics Play Major Role in Hindering Implementation of Effective Security Practices

A new survey released by Information Security® magazine reveals that large organizations are at far greater risk to hacking and viruses than small companies due to organizational dynamics that hinder the implementation of effective security practices. According to the survey, the first of its kind to benchmark critical IT security trends and practices by organization size, small companies spend nearly 20 percent of their IT budgets on security, while large companies spend only 5 percent, and suffer five times as many security incidents.

Some of the major findings of the Information Security magazine survey include:

– Malicious code, such as viruses, worms and Trojans, remains the number one most concern of most IT security professionals. Some 31 percent of survey respondents said it was their most important problem, followed by the security of authorized users (23 percent) and security vulnerabilities in IT and telecommunications equipment (15 percent).

– IT security remains a cottage industry when it comes to the establishment and implementation of formal policies and procedures. In multiple ways, IT security is still trying to gain a foothold in the day-to-day activities that govern an organization’s operation and culture.

– As organizations get larger in size, their security departments are not keeping up with the demands of increasingly complex organizational infrastructures. Security spending per user and per machine declines exponentially as organizations grow, leaving most handcuffed when it comes to implementing effective security practices.

– Spending money on security does not reduce the number of incidents or the probability or extent of loss stemming from those incidents. But allocating more budget and resources to security does not increase an organization’s ability to detect loss.

– Senior IT security professionals have little authority in driving the overall security mission in their organizations. Only 10 percent of chief information security officers (CISOs) report to the board of directors. And while 88 percent of CISOs prepare security budgets, only 37 percent of them approve budgets.

Full results and analysis of the survey are available at http://www.infosecuritymag.com/2002/sep/2002survey.pdf. Information Security magazine’s editor-in-chief Andrew Briney is available to discuss the survey findings and methodology in more detail. Please call Cynthia Smith of TruSecure at 703-480-8509 or email csmith@trusecure.com to set up an interview.

Released in September 2002, Information Security magazine’s fifth annual industry survey was completed by 2,196 information security managers, engineers, administrators, consultants and analysts from financial services, health care, consulting, government and other public and private industries. Statistics in the survey reflect responses from 215 qualified respondents.

About Information Security

Information Security magazine is the industry’s leading trade publication, providing news, analysis, insight and commentary on today’s infosecurity marketplace. Published monthly by TruSecure Corp., the magazine includes in-depth features, “how-to” primers, timely news coverage, authoritative commentary, an unbiased product testing center and more, all authored by recognized experts in the infosecurity field. The magazine is a multiple-year award winner from the American Society of Business Publication Editors (ASBPE) for outstanding design and editorial content. The publication is free to qualified readers. For more information and to subscribe, please visit http://www.infosecuritymag.com.

About TruSecure Corporation

TruSecure is a leading information security services provider, offering the only fully integrated, enterprise risk management services on the market. TruSecure’s unique blend of proactive risk reduction with real-time security management, monitoring and response assures continuous security of critical business information assets. TruSecure Certification has become a globally recognized symbol of commitment to effective security in an interconnected economy. Additionally, TruSecure owns the independently operated ICSA Labs® and Information Security® magazine. Headquartered in Herndon, VA, TruSecure protects more than 700 sites worldwide, with operations in North America, Central America, Europe and Asia Pacific. For more information about TruSecure Corporation, visit www.TruSecure.com.