IT Security Survey

The “2012 Global Information Security Survey” by Ernst & Young found cloud computing to be one of the main drivers of business model innovation and IT service delivery. Of the 1,850 chief information officers and chief information security officers who participated in the survey, 59% said they use or plan to use cloud services. However, 38% admitted they have not taken any measures to mitigate risks.

Many CIOs and CISOs are struggling to adapt security practices to a changing environment that includes cloud computing, social media, and tablets. In the survey, 31% of respondents said they saw an increase in the number of security incidents over the past year.

More than one-third said that company-owned mobile devices have been adopted, but use of personal devices is not allowed for business. The survey found that 36% have acquired mobile-device management software and 31% now have a governance process to manage the use of mobile applications. Encryption plays a central role for 40% of those surveyed.

Just over half said the area of highest priority for them is business continuity, including management and disaster recovery. But one surprise, the report states, is that the second-highest priority is a fundamental redesign of their information security program. The study indicated these IT professionals feel they have a patchwork of non-integrated, complex, and fragile defenses that create gaps in their security.

A major complaint from 43% of respondents is that they can’t find the right people with the right skills and training (see below) to handle information security jobs. And, when asked what threats or vulnerabilities have most increased risk over the past year, the answer at the top of the list was “careless or unaware employees,” followed by “cyber attacks” to steal financial information.

This article is an edited version of an article written by Ellen Messmer at Network World. You can read the full article at this Network World web page.

To read about our ISO 27001 Information Security Lead Auditor course, view this web page at our Whittington & Associates web site.