NEW - IDC WebcastFree E-NewslettersRSS Feeds | Site Map
Security Resource CentreBusiness Value of TechnologyMunicipal Centre
SearchSearch
Tips
Policy
HR
Registration
Program
Collaboration
Technology
Slice by Program
Registration < Enabling Registration < Shift in security risk priorities, says Symantec study

Shift in security risk priorities, says Symantec study

By: Matt Hines, InfoWorld (U.S.)(Feb 01, 2008 01:00:00)

The notion that technologies used to improve IT security serve as the most vital element of corporate risk management currently ranks below other priorities among customers, according to Symantec's annual survey of 405 businesses.

Respondents to the study rated IT availability management and work on specific regulatory compliance projects as comparable, and in some cases more important, to their ongoing risk mitigation efforts.

In addition, fewer businesses are utilizing a strategy that approaches IT risk as a standalone skill set or initiative, according to the Symantec report.

One year ago, customers participating in the study indicated that the adoption of security technologies represented the central tenet of their risk management plans. In the 2008 report, 78 per cent replied that availability maintenance concerns are now as vital to their exposure mitigation efforts as the installation of security tools.

Some 70 per cent of respondents replied that security projects are still a critical part of their approach. However, 53 per cent of the IT-related incidents experienced by surveyed companies were tied to other issues besides problems with systems defence.

"IT risk doesn't necessarily equate to security risk. That's a big shift and the key takeaway is that organizations are getting more mature around the portfolio of risks they have to manage," said Samir Kapuria, managing director of Advisory Services at Symantec.

"In the past, people looked at one area as discreet, but now they're addressing the four pillars of compliance, security, risk, and performance availability as part of a balanced strategy."

Increasing interdependence on IT systems shared between business partners has elevated availability and performance concerns above security issues -- and businesses are more worried about causing a bottleneck in their global supply chain then they are looking to thwart attacks, the expert contends.

"IT systems availability can have a downstream impact which has had this downward effect," Kapuria said.

Spending on compliance-oriented projects also stands as a major piece of most companies' plans, with 68 per cent of those people responding stating that their employers rate those efforts as crucial to their risk management strategies.

Respondents indicated that high-level risk management projects have become less central to their IT planning, with companies favouring targeted initiatives that address individual problems or regulations.

In terms of the participants' expectations to avoid and prevent IT breakdowns, 69 per cent said they believe they will encounter at least one minor incident per month, with 63 per cent predicting a major IT failure at least once a year.

Some 26 per cent indicated they expect a failed regulatory compliance incident at least once annually, and 25 per cent said that they will experience a data loss event every 12 months.

"This speaks volumes to the confidence that people have about their overall IT risk posture," said Kapuria. "Part of the problem is that people only do assessments on a bi-annual basis, or they might inventory their assets sporadically; that gap is what often leads to exposure in availability, security, compliance, or performance."

All the individual projects involved need to be managed on an ongoing basis, he said.

However, the process remains a moving target. Increased adoption of mobile devices and other distributed enterprise trends continue to boost data and compliance risks, while business practices -- including fast-paced mergers and acquisitions -- introduce greater complexity, Kapuria said.

More than technological efforts, the Symantec report contends that companies may see faster returns in improving their risk status through greater investment in employee risk education and training.

Only 43 per cent of respondents rated their training and awareness programs as more than 75 per cent effective, showing that companies are well aware of their current shortcomings, Kapuria said. The report shows a decrease of over 50 per cent in companies' confidence about their training programs, compared to the year ago survey.

"The area where most people need to focus on is classifying their data, what it's used for, and what its sensitivity may be," said Kapuria. "Rather than just throwing technology at their problems, companies need to assess, and then apply the appropriate availability, security, and compliance requirements."

Related content:

Today's IT professionals: New roles, new salaries

Canadian firms pulling up their SOX, says study

Eight security tips that every CIO should know

Bookmark on:del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!
Have something to say about this article?
Add a new commentLetter to the Editor
Find an inappropriate comment? You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields
Registration < Enabling Registration < Shift in security risk priorities, says Symantec study
Blog Spotlight: Sandford Borins
Sandford Borins

As Professor of Strategic Management at the University of Toronto, Sandford Borins brings InterGovWorld.com readers exclusive insights into how and why the public sector is changing. You'll find new perspectives and questions, observations and objectives, lessons and answers. Cover to Cover, the blog by Prof. Sandford Borins, appears every Thursday.

Inside Cover to Cover

Unified Communications
Data Defence

Unity is a word often heard in the public sector, with myriad agencies and departments looking to foster collective thinking around some of today's most pressing issues. The word, however, doesn't usually get mentioned in the same breath as technology. That's a situation, though, that might soon be changing, thanks to a new software platform known as unified communications.

Inside the latest issue of CGR

More Resources
Driving innovation through effective service management
Driving innovation through effective service management
This white paper discusses how a service-oriented governance framework can help ensure that IT decisions are consistent with business vision, values and strategies-and that IT delivers maximum value to the business. Complimentary with registration.
Download it now
IT Service Management Solutions and the service desk
IT Service Management Solutions and the service desk
This white paper presents the capabilities of IBM Tivoli CCMDB, and describes how Tivoli CCMDB extends the value of the service desk and integrates other essential ITIL processes in support of IBM Service Management. Complimentary with registration.
Download it now
Stalled PCI DSS compliance efforts put Canadian organizations in limbo: Hereb�s how to get back on track
Stalled PCI DSS compliance efforts put Canadian organizations in limbo: Herebs how to get back on track
You might have long ago abandoned your efforts to achieve full PCI DSS compliance, but herebs a report that offers some helpful ideas to get back on track again. It highlights the five bsticking pointsb that typically hinders PCI DSS compliance progress and suggests how to get unglued from the mess.
Download it now
Advertisement
2007 Salary Calculator
Knowledge Centres at a Glance
Policy
Is America ready for its first BlackBerry president?
Registration
Google enters white spaces debate
Program
One Laptop Per Child program helps Rwandan students
HR
Opinion: City of San Francisco management fails
Collaboration
RCMP leads national police information sharing initiative
Technology
Google shares presidential candidate RSS reading lists
White Papers
Closing the data privacy gap: Protecting sensitive data in non-production environments
Prepare for a more efficient SAP implementation: Take data issues off the critical path
Unlock the potential of data with the right data warehouse solution
IBM Multiform Master Data Management: The evolution of MDM applications
read more white papers
New blog entries
Thoughts of the day
Rate my public servant? Right on!
Customer feedback, citizen feedback: Two contrasting stories
Le Francais dans les Airs: Digitizing a Legacy
Stand up for Canada's public service: An open letter to Kevin Lynch and Len Edwards
While Austan Goolsbee is no Austin Powers, maybe Stephen Harper is Doctor Evil
This week's top stories
Most popular stories of the week
Demographics pose pressing dilemma: Renew or reinvent
Aussies take their cue from Canada on breach notification
Recording everything in the workplace soon to be in vogue, say researchers
Government of Alberta launches public health action plan
Putting e-mail intelligence to work
Readers write back
Comments from Intergovworld readers
Canadian governments engage in e-waste clean up
Federal privacy chief urges law revamp
Seven ways to kill innovation
Ontario Ministry of Health modernizes data transfer system
Toronto pet owners safe from Patriot Act
Government to government
Inside the public sector machine
Public utility's bare insecurities
Online crime fight needs more than law enforcement
Environment Canada opens up to open source
Government overconfident on security, says analyst
Shared services raise governance challenges
Government to business
P3: Public-private partnerships
Advocates say online privacy policies need work
GTAA gets its cabling challenges under control
Open source gaining traction in U.S. government, says survey
Government needs to be stronger advocate for health IT, say experts
Canadian governments engage in e-waste clean up
Government to citizen
e-Government service transformation
Canadian governments engage in e-waste clean up
Canadian municipalities sign up for eUniversity
Exclusive: PWGSC launches recruitment campaign to bridge baby boomer gap
Feds fend off cyber crime with funding schemes
Wi-Fi growth fuels video surveillance adoption
Blogs
Browse Blogs By:
Blogs by Topic
Blogs by Author
read all InterGovWorld Blogs
WiFi Hot Spot Finder
Upload Centre
Upload Your Documents
Contribute and share with your peers by uploading:
- Initiative updates
- White Papers
- Job Links
- Events
- Other
Upload Centre
Download Centre
Most popular downloads:
Download More Documents
Download:
- Initiative updates
- White Papers
- Job Links
go all downloads
Subscription Services
Manage your InterGovWorld.com account!
Change your account information, password, e-mail address, and existing e-newsletter subscriptions.
Change or update your existing subscriptions
Change your e-mail address
Site Feedback Survey
Tell us what you think of InterGovWorld.com!
take the survey
FUN SurveyFUN Survey
Take the one-minute Family Unit Networking survey!
Take The Survey
IT Salary Survey IT Salary Survey
Take the IT Salary Survey '06 Today
Take the survey now!
Career Resources
InterGovWorld provides links to resources for government job seekers and current employees, including: current job postings, job search strategies, career options and training, and employee rights, provided by all levels of government from everywhere across Canada.

How to apply for a job in the federal Public Service
Public Service Commission of Canada
Provincial and Territorial government job opportunities
Service Canada
City and Municipal jobs in Canada
Jobs in Canada
Identify and research your career options
Service Canada
HR planning and accountability
Public Service Human Resources Management Agency of Canada