Results from a worldwide study by PricewaterhouseCoopers, CIO magazine, CSO magazine.
Organisations worldwide are investing in infrastructure but lagging in implementation, measurement and review of security and privacy policies according to the 5th annual Global State of Information Security Survey 2007.
According to the survey, the majority of organisations now have a CSO or CISO in place (60% in 2007 vs. 43% in 2006), as well as an overall information strategy (57% in 2007 vs. 37% in 2006), and results show the majority are also heavily invested in technology safeguards such as network firewalls (88%), data backup (82%), user passwords (80%), and spyware (80%). However, the investment of time in practical measures remains low. For example, many respondents (63%) state that they do not audit or monitor user compliance with security policies, and less than half (48%) have measured and reviewed the effectiveness of security policies and procedures in the last year.
Other findings show that IT is taking budgetary control in 2007, with the majority (65%) of information security budgets now coming directly from the IT department, a jump from only 48% in 2006. Other department budgets for information security are down this year, including compliance/regulatory (9% in 2007 vs. 18% in 2006), finance (15% in 2007 vs. 19% in 2006), and other business lines (4% in 2007 vs. 18% in 2006). Additionally, security reporting and IT bounced back for the first time in four years with survey results showing more split reporting lines and security reporting to multiple departments.
Industry Specific Results:
Publications Search Page
