Slashdot Mirror


Survey On Security Investment Trends

whoisjoe writes "Information Security Magazine has an interesting article (although it's in PDF) on the trends and effects of security spending by organizations. Basically, organizations tend to spend less per machine as they grow, and the effectiveness of their investment tends to depend more on the share of the IT budget than the absolute amount."

2 of 67 comments

  1. screw it, here is the summary by plasticquart · Score: 3, Informative
    Herndon, VA - September 17, 2002 - A new survey released by Information Security magazine reveals that large organizations are at far greater risk to hacking and viruses than small companies due to organizational dynamics that hinder the implementation of effective security practices. According to the survey, the first of its kind to benchmark critical IT security trends and practices by organization size, small companies spend nearly 20 percent of their IT budgets on security, while large companies spend only 5 percent, and suffer five times as many security incidents.

    Some of the major findings of the Information Security Magazine survey include:

    • Malicious code, such as viruses, worms and Trojans, remains the number one concern of most IT security professionals. Some 31 percent of survey respondents said it was their most important problem, followed by the security of authorized users (23 percent) and security vulnerabilities in IT and telecommunications equipment (15 percent).
    • IT security remains a cottage industry when it comes to the establishment and implementation of formal policies and procedures. In multiple ways, IT security is still trying to gain a foothold in the day-to-day activities that govern an organization's operation and culture.
    • As organizations get larger in size, their security departments are not keeping up with the demands of increasingly complex organizational infrastructures. Security spending per user and per machine declines exponentially as organizations grow, leaving most handcuffed when it comes to implementing effective security practices.
    • Spending money on security does not reduce the number of incidents or the probability or extent of loss stemming from those incidents. But allocating more budget and resources to security does not increase an organization's ability to detect loss.
    • Senior IT security professionals have little authority in driving the overall security mission in their organizations. Only 10 percent of chief information security officers (CISOs) report to the board of directors. And while 88 percent of CISOs prepare security budgets, only 37 percent of them approve budgets.
  2. Blind faith in the firewall by Anonymous Coward · Score: 3, Informative

    All too often organizations will also trust the firewall to keep the company secure with WAY too little attention to keeping internal machines patched and up to date. Of course, this leads to a single point of failure, and if anyone makes it past the firewall it's a total free-for-all.