ISSE 2008: Information Security Status
TRANSCRIPT
Information Security Status in Organisations
2008
Anas Tawileh, Jeremy Hilton, Stephen McIntosh
Cardiff University
Outline
• Methodology and Approach
• Survey Findings
• Feedback
• Summary and Discussion
Methodology and Approach
• Structured approach to questionnaire design
• Based on the Information Assurance Model
• Model describes a desirable state of information assurance in organisations
• Open-ended question added to elicit feedback
Respondents’ Profile
Organisation Sector
Information Security Requirements
Data Backup
Privacy and Integrity
Measures Against Internal Misuse
Respondents’ Feedback
“My goals as IT supervisor and management goals are not always the same; management is worried about sales/profits, and not security.”
“It would be nice to know how many "no's" one selected out of all questions to slam it in the face of those opposing any IT security.”
“I am concerned. I am the one and only who is concerned. After hours, anyone who somehow got admitted into our offices could walk out with a laptop sitting on the reception desk containing practically all the confidential info we have. Refusal to invest in a steel cable.”
Summary and Discussion
• A significant gap exists between large organisations and their smaller counterparts in the adoption of information security
• Organisations seem to focus more on confidentiality and authentication
• Privacy (still) is a growing concern
Summary and Discussion
• Organisations are not very well prepared to satisfy the requirement for external collaboration
• Over-reliance on technical measures
• Little attention is paid to the human aspect of security
Thank You.