Slashdot Mirror


2004 Global Information Security Survey Results

jotok writes "CIO.com has released the results of its 2004 Global Information Security Survey, based on the responses of over 8,000 people in 62 countries, highlighting the Six Secrets of Highly Secure Organizations. The report indicates that security awareness and implementation are gradually improving, but also that information security is still not receiving the attention it requires--especially from management and IT personnel."

3 of 77 comments

  1. Clarification by jotok · Score: 5, Insightful

    The article, in the most polite way possible, slams IT types for disregarding security and not knowing how to properly interface with law enforcement personnel.

    From my perspective, there is a real dichotomy between IT and Security. While I have encountered quite a few IT types who take the time to learn about security issues, it seems as if they involve completely different mindsets. IT personnel are technical support--they worry about connectivity and uptime and handling the clownishness of the users. Security types are usually a lot more paranoid and consider the needs of the users a secondary concern to the integrity of the assets.

    The current model seems to be to hire a few security experts (and I use the term loosely--for every Eric Cole there are probably 1000 clowns who read his book and consider themselves just as good) to give recommendations and train the IT staff. I think the improvement in incident response and cleanup times is the result, but do you see that in terms of prevention we're not any better off?

    Some kind of integrated approach is necessary, but I think it's a ways off.

  2. Re:Sad state of affairs in IT security. by jokach · Score: 5, Insightful

    In our shop, our upper management are the worst offenders. We have a COO that demands his laptop be built to auto login to everything. He doesn't want to remember passwords. The few passwords he has to remember are like 1234 or ABCD.

    Since senior management doesn't care, what makes them think that employees lower than them should?

    This same COO had his email account hacked because of a poor password and blamed IT for not having enough controls in place.

    I'm sure you can imagine my response.

  3. Re:Top 6 secrets.. ha ha by Spoing · Score: 5, Interesting

    1. Secret 1: the password is 1.. 2.. 3.. 4.. 5!
      Company XYZ somewhere, reading list: "CRAP! That's the same combination we use for root!"

    That would be an improvement over reality: One facility run by a subcontractor has a database that processes 50K checks/day and generates checks in excess of $1 million/day.

    Last time I checked, the database had no password on the administrator account.

    Nobody was interested in changing this "because we are behind a firewall" and "there's no reason why anyone would look for us or could find us".

    Thus, my sig:

    --
    A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.