You can't secure what you don't acknowledge.℠

Saturday, July 12, 2008

My security content from this week

...well, there is none. Two weeks in a row! I have written several articles recently, though, that will be published soon.

BTW, sorry for being out of touch recently. Vacation and playing catch-up have set me back a bit!

Until later...

Tuesday, July 8, 2008

Interesting stats from Information Security Breaches Survey 2008

First of all, for those of you reading this in the U.S., welcome back from the 4th of July holiday!

I just came across some statistics in the U.K.-based Information Security Breaches Survey 2008 that provide some insight and clarity into why we still (and always will) have security breaches:
  • 98% of respondents scan for spyware...55% have a documented security policy.
  • 97% filter for spam...40% provide security awareness training.
  • Only 6% have suffered a confidentiality breach...as far as they know.
  • 52% do NOT carry out formal risk assessments...while 81% believe their board believes security is a high or very high priority. Ha!
  • 78% had computers stolen that didn't have encrypted drives. I still don't get this one!!
  • 84% do not scan outgoing email for confidential data...this is where (and why) the bad guys focus their efforts.
Oh, and 84% are heavily dependent on their IT systems...The other 16% just don't realize their dependence. Yet.