Over a half of IT security pros say their security policies do not have clear consequences
In a recent survey of 113 IT security professionals, 51% percent stated that their organization’s security policies do not have clear consequences for security violations, highlighting the challenges in creating and implementing a coherent security policy. nCircle, the leading provider of agentless security risk and compliance management solutions, conducted the survey from May 7 to August 16, 2007.
According to Andrew Storms, Director of IT Security for nCircle, “It’s interesting that these results are nearly evenly split. This reflects the challenge of maintaining a corporate policy that matches a continuously changing threat environment. It also reflects the challenge of applying that policy when every infraction involves a different level of risk and a wide variety of human factors.”
“However, the fact that nearly half believe their policies do indeed have ‘teeth’ and are enforceable seems to demonstrate that organizational commitment to maintaining stringent security policy and meting out appropriate consequences is increasing,” said Storms.