tsqm overall merged data analysis by industry analysis by company size july 10, 2006 vicki deng
TRANSCRIPT
![Page 1: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/1.jpg)
TSQM
Overall Merged Data Analysis by Industry
Analysis by Company Size
July 10, 2006Vicki Deng
![Page 2: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/2.jpg)
In-depth Analysis of Gaps
• Performance Gaps: – Current Status v. Importance
• Industry Gaps: – i.e. Healthcare v. Retail
• Company Size: – Small business v. Large Scale Enterprise
• Role Gaps: – i.e. Business Managers v. IT staff
• Inter-Enterprise Gaps: – i.e. Internal Line Manager v. Supplier
![Page 3: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/3.jpg)
Topics & Findings
• Perceptions of Security
• Security Culture Gaps
• Why Accessibility Won’t Sell
![Page 4: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/4.jpg)
Perceptions of Security
• Overall assessment of importance is always higher than that of a partner organization. – While it makes sense that the first priority is to make
your own organization secure within and from the outside world, it is absurd to think that security is less important for your partner organization
– It is natural to believe your own organization is better or more important, but it can create a false sense of security
• My & partner assessment is about the same. – The similar assessment seems reasonable since
responses may be biased towards security practices at their own organization.
Perceptions of Security 1 of 2
![Page 5: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/5.jpg)
• Gaps in assessment and importance shows signs of security awareness in organizational members which is the first step towards better security – Largest gap is MI-MA followed by PI-PA
• This trend suggests that organizations may see themselves as “invincible” and thus become complacent under this illusion of safety
• The need to share certain information with business partners, suppliers, and customers over internet leaves the organization vulnerable to factors beyond their control
Perceptions of Security
Perceptions of Security 2 of 2
![Page 6: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/6.jpg)
Security Culture Gap
• The greatest performance gap by and large is security culture.– Security culture has an average security
status assessment of 4.99 and a rated importance of 5.81
– With a gap of .82, the difference in perception is statistically significant with a 99% confidence level
– This is gap is mostly true for all types of organizations of all sizes
Security Culture Gaps 1 of 5
![Page 7: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/7.jpg)
Security Culture (Survey QS)
• Security Practices– People in the organization are knowledgeable about
IT security tools and practices. [q08; gap=.82] – People in the organization carefully follow good
security practices. [q14; gap=1.08] Largest gap!– In the organization, people are aware of good security
practices. [q33; gap=.78] • Ethics and Trust
– People in the organization can be trusted not to tamper with data and networks. [q21; gap=.69]
– People in the organization can be trusted to engage in ethical practices with data and networks. [q26; gap=.74]
Security Culture Gaps 2 of 5
![Page 8: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/8.jpg)
Why the Gap in Security Culture?
• Security culture may be the weakest link in the house of security since predictable and unpredictable humans factors come into play
• Few are aware of good security practices and even fewer actually follow through
• Trust and ethics factors as one of the most important aspects of security culture, but it cannot be regulated or written in a policy
Security Culture Gaps 3 of 5
![Page 9: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/9.jpg)
Security Culture Gap
• The importance of security culture is rated 17% higher than assessment of current status – Even though this is the most crucial area to improve upon, it is
not possible without the financial & IT resources, effective security policy, and integration into business decisions
• Organizations need to assess their own security culture and determine what is holding back its members from following good security practices
• With new technology, comes new problems and a culture needs to be flexible enough to deal with change, and change when it is no longer working
Security Culture Gaps 4 of 5
![Page 10: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/10.jpg)
Further Implications
• Large gaps in security culture could be due to a lack of:– awareness about current security practices– incentives to follow them– strong leadership– understanding about how a member’s actions fits into the larger
picture
• Gaps in security policies lags behind security culture– Policy compliance does not necessarily mean good security
culture
• Even if policies are tough, it still not enough without a proper security culture within the organization since policies tend to be reactive in nature – that is why organizations need to focus on security culture
Security Culture Gaps 5 of 5
![Page 11: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/11.jpg)
Why Accessibility Won’t Sell
• Accessibility– Rated highest importance, but also highest
assessment of current status– Lowest MI-MA with a gap of .33, also lowest for PI-PA
with a gap of .25– MI-MA gaps of other constructs range from .50~.82
• This raises several questions– Is accessibility technology and methods already
matured or even saturated?– Does the importance of accessibility overshadow the
importance of vulnerability?
Accessibility 1 of 5
![Page 12: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/12.jpg)
Accessibility (Survey QS)
• The organization checks the identity of users before allowing access to data and networks. [q04; gap=.26]
• The organization’s data and networks are only available to approved users. [q11; gap=.30]
• The organization provides access to data and networks to legitimate users. [q30; gap=.30]
• The organization’s data and networks are usually available when needed. [q34; gap=.44] Largest gap!
Accessibility 2 of 5
![Page 13: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/13.jpg)
Why Accessibility Won’t Sell
• High assessment and importance in ‘accessibility’ and ‘confidentiality’ indicates that these aspects of security the perceived as one of the most crucial aspects, but only accessibility show a small gap
• The small gaps in accessibility overall, across industries, company size, etc. suggest that current technology already has the capabilities to address and meet those needs
Accessibility 3 of 5
![Page 14: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/14.jpg)
Where is accessibility now?
• Is accessibility technology and methods already matured or even saturated?– Accessibility standards are emerging as e-commerce and other
internet transactions become commonplace– Despite good software technologies and capabilities, if people
using the software do not understand its capabilities and limits then it can’t successful
• “The organization’s data and networks are usually available when needed.” – This particular question had the largest gap within the
accessibility construct– Technology may be able to properly provide and regulate user
accessibility, but it can also hinder productivity
Accessibility 4 of 5
![Page 15: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/15.jpg)
Accessibility v. Business Strategy
• Does the importance of accessibility overshadow the importance of vulnerability?– Sometimes more accessibility may indirectly lead to
more vulnerability, especially if “Security is a business agenda item (mostly) for top executives in the organization.” (MA=5.01 for this qs. 22)
– Business strategy & financial resources is rated as the least important, while accessibility is rated as most important
– However, it is often the case that security often loses to business needs so more emphasis should be placed on publicizing the organization's security strategy
Accessibility 5 of 5
![Page 16: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/16.jpg)
Quick Stats on the Overall Data
• Top Gaps MA v. MI1. Security Culture (.82)
2. Financial Resources (.71)
3. Security Policy (.66)
4. Vulnerability (.66)
• Top Gaps PA v. PI1. Security Culture (.52)
2. Vulnerability (.49)
3. Financial Resources (.42)
4. Security Policy (.41)
• Highest Rated Assessment1. Accessibility (5.72)
2. Confidentiality (5.49)
3. Vulnerability (5.25)
• Highest Rated Importance1. Accessibility (6.05)
2. Confidentiality (5.99)
Merged Data 1 of 5
![Page 17: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/17.jpg)
Average Construct Values(Merged Data)
4.0
4.5
5.0
5.5
6.0
6.5Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security CultureMA
MI
PA
PI
Merged Data 2 of 5
![Page 18: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/18.jpg)
Construct Gaps Absolute Values(Merged Data)
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture|MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Merged Data 3 of 5
![Page 19: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/19.jpg)
Average Construct Values
Constructs MA MI PA PIAccessibility 5.72449 6.05240 5.47930 5.72586Vulnerability 5.25011 5.91091 5.13422 5.63091
Confidentiality 5.48836 5.99034 5.36076 5.69117Financial Resources 4.77187 5.48372 4.87259 5.29891
IT Resources 5.22360 5.81909 5.15534 5.54188Business Strategy 4.96765 5.54223 5.02332 5.35836
Security Policy 5.03849 5.70043 5.05328 5.46604Security Culture 4.98728 5.81140 5.01713 5.53841
Construct Gaps: Absolute Values
Constructs |MI-MA| |PA-MA| |PI-MI| |PI-PA|Accessibility 0.32791 0.24519 0.32654 0.24656Vulnerability 0.66080 0.11590 0.28000 0.49669
Confidentiality 0.50197 0.12760 0.29917 0.33041Financial Resources 0.71185 0.10072 0.18481 0.42632
IT Resources 0.59549 0.06826 0.27721 0.38654Business Strategy 0.57458 0.05567 0.18387 0.33504
Security Policy 0.66194 0.01479 0.23439 0.41276Security Culture 0.82412 0.02985 0.27299 0.52128
Merged Data 4 of 5
![Page 20: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/20.jpg)
Convergent and Discriminant Validity (Merged Data)
Reliability - Cronbach's Alpha ValuesMA MI
Accessibility 0.90758 0.93701Vulnerability 0.83714 0.91012Confidentiality 0.91808 0.94026FinancialResources 0.91878 0.92768ITResources 0.91023 0.93680BusinessStrategy 0.86877 0.89343SecurityPolicy 0.92184 0.93834SecurityCulture 0.92188 0.94296
Construct Validity - Convergent and Discriminant ValidityAccessibility Vulnerability Confidentiality FinancialResourcesITResources BusinessStrategySecurityPolicy SecurityCulture
Accessibility 0.96606 0.82730 0.86289 0.72385 0.81193 0.75817 0.75993 0.77299Vulnerability 0.82730 0.89537 0.85986 0.83791 0.88582 0.83439 0.85439 0.83308Confidentiality 0.86289 0.85986 0.97320 0.79234 0.86494 0.83070 0.85867 0.85271FinancialResources 0.72385 0.83791 0.79234 0.97366 0.88814 0.86196 0.86675 0.84406ITResources 0.81193 0.88582 0.86494 0.88814 0.96623 0.84474 0.87556 0.85137BusinessStrategy 0.75817 0.83439 0.83070 0.86196 0.84474 0.93056 0.88216 0.85515SecurityPolicy 0.75993 0.85439 0.85867 0.86675 0.87556 0.88216 0.97341 0.84505SecurityCulture 0.77299 0.83308 0.85271 0.84406 0.85137 0.85515 0.84505 0.96241
In the Construct Validity table, diagonals >0.50 indicates good convergent validity, and having the values of the columns of each construct lower than the diagonals indicates good discriminant validity.
•High values of Cronbach’s Alpha indicate the variables were a good measure of the latent constructs
•Indicates good reliability and consistency in the data set
Merged Data 5 of 5
![Page 21: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/21.jpg)
Industry
• 6 Main Industries, Total Responses: 1259– Banking & Finance (124)– Technology Services (128)– Health & Social Assistance (495)– Tele/Communications (93)– Manufacturing (244)– Retail (175)
• Industries not included due to lack of responses – education, defense, aeronautics, etc.
![Page 22: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/22.jpg)
Analysis by Industry
• Results from each Industry follows the trend of the overall data– Low status for accessibility– High gaps in security culture– MI > PI > MA,PA
• Banking & Finance, Communications – high MA, MI; low gap
• Health & Social Services & Technology Services – medium MA, MI; high gap
• Manufacturing & Retail – low MA, MI; high gap
![Page 23: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/23.jpg)
Quick Stats on the Industries
Assessment & Importance (high low)
1.Banking & Finance
2.Technology Services
3.Communications
4.Health & Social Assistance
5.Manufacturing
6.Retail
• Low Gaps1. Banking & Finance
2. Communications
• High Gaps1. Technology Services
2. Health & Social Assistance
3. Manufacturing
4. Retail
Industry Data 1 of x
![Page 24: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/24.jpg)
My Assessment by Industry
4.2
4.4
4.6
4.8
5.0
5.2
5.4
5.6
5.8
6.0
6.2
Accessibility Vulnerability Confidentiality FinancialResources
IT Resources BusinessStrategy
Security Policy Security Culture
BNK-06 COM-77 HLT-11 MNF-15 RET-25 TEC-26
![Page 25: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/25.jpg)
My Importance by Industry
5.0
5.2
5.4
5.6
5.8
6.0
6.2
6.4
6.6
Accessibility Vulnerability Confidentiality FinancialResources
IT Resources BusinessStrategy
Security Policy Security Culture
BNK-06 COM-77 HLT-11 MNF-15 RET-25 TEC-26
![Page 26: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/26.jpg)
My Security Gaps by Industry
0.0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
Accessibility Vulnerability Confidentiality FinancialResources
IT Resources BusinessStrategy
Security Policy SecurityCulture
Security Constructs
Se
cu
rity
Ga
p |
MA
-MI|
BNK-06 COM-77 HLT-11 MNF-15 RET-25 TEC-26
BNK – Banking & Finance, COM – Tele/Communication, HLT – Healthcare & Social Assistance, MNF – Manufacturing, RET – Retail, TEC – Technology Services
![Page 27: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/27.jpg)
Average Construct Values(Banking & Finance)
4.0
4.5
5.0
5.5
6.0
6.5
7.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security CultureMA
MI
PA
PI
Industry Assessment 1 of 6
![Page 28: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/28.jpg)
Industry Assessment 2 of 6
Average Construct Values(Health & Social Assistance)
4.0
4.5
5.0
5.5
6.0
6.5
7.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security CultureMA
MI
PA
PI
![Page 29: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/29.jpg)
Industry Assessment 3 of 6
Average Construct Values(Manufacturing)
4.0
4.5
5.0
5.5
6.0
6.5
7.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security CultureMA
MI
PA
PI
![Page 30: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/30.jpg)
Industry Assessment 4 of 6
Average Construct Values(Retail Trade)
4.0
4.5
5.0
5.5
6.0
6.5
7.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security CultureMA
MI
PA
PI
![Page 31: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/31.jpg)
Industry Assessment 5 of 6
Average Construct Values(Technology Services)
4.0
4.5
5.0
5.5
6.0
6.5
7.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security CultureMA
MI
PA
PI
![Page 32: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/32.jpg)
Industry Assessment 6 of 6
Average Construct Values(Communications/Telecom)
4.0
4.5
5.0
5.5
6.0
6.5
7.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security CultureMA
MI
PA
PI
![Page 33: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/33.jpg)
Construct Gaps Absolute Values(Banking & Finanace)
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture |MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Industry Gaps 1 of 6
![Page 34: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/34.jpg)
Construct Gaps Absolute Values(Communications/Telecom)
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture |MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Industry Gaps 2 of 6
![Page 35: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/35.jpg)
Construct Gaps Absolute Values(Healthcare & Social Assistance)
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture |MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Industry Gaps 3 of 6
![Page 36: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/36.jpg)
Construct Gaps Absolute Values(Manufacturing)
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture |MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Industry Gaps 4 of 6
![Page 37: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/37.jpg)
Construct Gaps Absolute Values(Retail Trade)
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture |MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Industry Gaps 5 of 6
![Page 38: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/38.jpg)
Construct Gaps Absolute Values(Technology Services)
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture |MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Industry Gaps 6 of 6
![Page 39: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/39.jpg)
Analysis by Company Size
• Follows trend of overall data
• Assessment and importance increase with size of company
• Exception to this trend company with 50K-100K employees
Size Company Size Objects1 1-100 2442 101-1,000 2853 1,001-10,000 3334 10,001-50,000 1435 50,001-100,000 656 More than 100000 138
• Companies smaller than 10K tend to have higher gaps in security– Especially true for security
policy
![Page 40: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/40.jpg)
Average Construct Values<Company Size 1-100 Employees>
4.0
4.5
5.0
5.5
6.0
6.5
Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture
MA
MI
PA
PI
Company Size Assessment 1 of 6
![Page 41: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/41.jpg)
Average Construct Values<Company Size 100-1K Employees>
4.0
4.5
5.0
5.5
6.0
6.5
Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture
MA
MI
PA
PI
Company Size Assessment 2 of 6
![Page 42: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/42.jpg)
Average Construct Values<Company Size 1K-10K Employees>
4.0
4.5
5.0
5.5
6.0
6.5
Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture
MA
MI
PA
PI
Company Size Assessment 3 of 6
![Page 43: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/43.jpg)
Average Construct Values<Company Size 10K-50K Employees>
4.0
4.5
5.0
5.5
6.0
6.5
Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture
MA
MI
PA
PI
Company Size Assessment 4 of 6
![Page 44: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/44.jpg)
Average Construct Values<Company Size 50K-100K Employees>
4.0
4.5
5.0
5.5
6.0
6.5
Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture
MA
MI
PA
PI
Company Size Assessment 5 of 6
![Page 45: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/45.jpg)
Average Construct Values<Company Size 100K+ Employees>
4.0
4.5
5.0
5.5
6.0
6.5
Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture
MA
MI
PA
PI
Company Size Assessment 6 of 6
![Page 46: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/46.jpg)
Construct Gaps Absolute Values<Company Size 1-100 Employees>
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture|MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Company Size Gaps 1 of 6
![Page 47: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/47.jpg)
Construct Gaps Absolute Values<Company Size 100-1K Employees>
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture|MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Company Size Gaps 2 of 6
![Page 48: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/48.jpg)
Construct Gaps Absolute Values<Company Size 100-1K Employees>
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture|MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Company Size Gaps 3 of 6
![Page 49: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/49.jpg)
Construct Gaps Absolute Values<Company Size 100-1K Employees>
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture|MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Company Size Gaps 4 of 6
![Page 50: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/50.jpg)
Construct Gaps Absolute Values<Company Size 100-1K Employees>
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture|MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Company Size Gaps 5 of 6
![Page 51: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/51.jpg)
Construct Gaps Absolute Values<Company Size 100-1K Employees>
0.0
0.2
0.4
0.6
0.8
1.0Accessibility
Vulnerability
Confidentiality
Financial Resources
IT Resources
Business Strategy
Security Policy
Security Culture|MI-MA|
|PA-MA|
|PI-MI|
|PI-PA|
Company Size Gaps 6 of 6
![Page 52: TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng](https://reader036.vdocuments.us/reader036/viewer/2022062322/5697bfab1a28abf838c9ac14/html5/thumbnails/52.jpg)
end