Recent Corporate Security Survey


  1. #1
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Recent Corporate Security Survey

    Just a link to a UK computer e-zine:

    http://www.theregister.co.uk/2005/05...urvey_results/

    Sorry, no quotes..............damn Adobe Acrobat and this box don't get on

    Seems like the spend and anticipated spend is rising, but it still seems (from other reading) that the traditional approaches are being followed.


  2. #2
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    From the sidenotes (summary):

    Security understanding is still victim to the fear factor

    In this post downturn age of IT, we would hope that security understanding replicates the increased drive we see towards IT efficiency and effectiveness. However there is considerable evidence that psychological factors are as important as they ever were. For example, companies that suffered a security attack in the recent past, are significantly more aware they might suffer a similar attack in the future. Meanwhile, newer threats such as Spyware are incorrectly not yet seen as high risk.

    Policy-based security enhances awareness

    It should be expected that companies that take a policy-based, proactive stance on security issues, such as companies who have implemented a formal security policy, would be better protected against security threats. The research seems to show that having a full policy and having no policy makes little difference; however, the analysis shows that this is down to lack of awareness of possible threats from those with no policy in place.

    Security threats are being hyped above those of unscheduled downtime

    Roughly three times as many respondents had experienced unscheduled downtime due to software or hardware failure, compared to downtime due to security issues. We should not downplay the issues caused by security, indeed, some system failures may be caused by security problems without it being that obvious. However, companies should be treating downtime in the round.

    Security issues are directly impacting individual productivity

    Respondents were quick to point out that there would be significant or some impact of security issues, on either their individual productivity or as a cost to the business. Indeed, over half of respondents considered that they wasted a day or so every month dealing with security issues. This equates to a significant financial cost to industry. A proportion of respondents (at least 10%) have suffered the impact of some kind of security attack in the past three months.
    Is it just me or is the CSI/FBI survey late this year? I thought it came out every April/May?

    I wonder, however, how much of this survey (The Register) is based on opinion (and FUDing that is often used in the industry) versus an objective view of things? The questions highlighted in the summary seem to be perspective based and that would be more likely a subjective view of the person answering rather than a truly objective view.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Thanks for doing that MsM...............guess the time has come to retire this old box?........It was the first one that I built for myself

    Is it just me or is the CSI/FBI survey late this year? I thought it came out every April/May?
    I could be very wrong, but I seem to think it used to come out around my late father's birthday (June 23)?


  4. #4
    Senior Member RoadClosed
    Join Date
    Jun 2003
    Posts
    3,834
    They are always heavily based in opinion Ms. Mittens. The growing trend is to make an issue of financial loss. I took part in a case study recently along with a few surveys from national magazines. 90 percent of the questions were baited to get me to say, "hey I had HUGE financial losses due to security." Financial impact speaks to investors. Similarly, I find that over the past year hardware failures were a major impact in productivity and that is where spending has been recently.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #5
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Similarly, I find that over the past year hardware failures were a major impact in productivity and that is where spending has been recently.
    Which seems to coincide with what the Register survey is saying. Out of curiosity, is the hardware failure due to having older machines, poor patch implementation or just "lemons" of components? There is always a percentage of hardware failure but at what point does it go beyond "acceptable"? (e.g., as a cyclist, I know that I'll probably get a flat a year; maybe two if I do some rough road touring but if I get daily flats or weekly flats I'd find that unacceptable).

  6. #6
    Senior Member RoadClosed
    Join Date
    Jun 2003
    Posts
    3,834
    I have thought of this... seems this generation of failures is on hardware 4 years old. 2 Failures were NT machines. One hardware failure of a single RAID disk. I was able to just rebuild it so that points to a hardware/software mismatch? Another was a failure in the domain security structure. Both upgraded in a painstaking manner. As for the others... I have a very complex system of office machines and production machines. As technology evolves so does complexity. To a point where minor changes or misconfiguration has a huge impact. And among those complex systems are the security devices that overall make failures more imminent. Sometimes I sit back and think, "I need to make this thing less complicated. Give up some usability/security for stability."

    As for patches, some failures were out of date on particular hardware firmware patches. We focus on OS patches it seems.

    When I am mountain biking I sometimes get 2 flats in an afternoon. My tubes are full of holes from rocks and thorns. With computers, as long as the hardware still functions in that the CPU, Memory, storage are still in a foreseeable operating state, say another year or so - I patch all the hardware and reinstall the OS with a notion to pay closer attention to event logs.

    I have also decided the "consolidate your servers" business is flawed. Even in a cluster condition (which I have revisited due to hardware failures) there are single points of failure. And RC law dictates that is going to be where a failure happens. Therefore I have begun to reverse that trend. Grouping Applications across servers to reduce failure impact.

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    Originally posted here by MsMittens
    Which seems to coincide with what the Register survey is saying. Out of curiosity, is the hardware failure due to having older machines, poor patch implementation or just "lemons" of components? There is always a percentage of hardware failure but at what point does it go beyond "acceptable"? (e.g., as a cyclist, I know that I'll probably get a flat a year; maybe two if I do some rough road touring but if I get daily flats or weekly flats I'd find that unacceptable).

    We have had an inordinate amount of hardware failures in the past year. Ours is due to having old, EOL, machines that are still in production. That's what happens when you have a board that is more interested in seeing their bottom line look better than the company running more smoothly.

    We have a ton of old Sun equipment that has reached their end of life. We haven't upgraded them, and we aren't going to be upgrading them in the near/mid future it seems.

    I'm guessing that a lot of small/mid sized companies out there are experiencing the same thing we are. I'm also going to guess that more people will have bigger hardware failures in the next year or two until companies start spending money in IT like they used to. There is only so much that duct tape and prayers can do.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
