|
IT security remains a major concern of IT professionals around the world according to CompTIA's 7th Annual Trends in Information Security: an Analysis of IT Security and the Workforce. As information technology's role within an organization continues to expand so does the potential for security breaches, according to a recent report, by CompTIA, the Computer Technology Industry Association.
The study, CompTIA's 7th Annual Trends in Information Security: an Analysis of IT Security and the Workforce, notes that major security issues are generally consistentconsistent with previous years, with spyware, virus / worm, and lack of user awareness again being the most common. Security threats from browser-based attacks, spyware, use of handheld devices, and voice over IP intensified for the majority of respondents.
In 2008, the average number of security breaches increased slightly from previous years. Although the number of these breaches remained moderate over the last few years, the data indicates the severity levels have increased. This suggests many organizations have made significant progress in dealing with security issues, but the number and types of threats as increased in step.
The most significant costs of security breaches remains the overall impact on employee productivity, CompTIA says. About one-third of U.S. respondents cite loss productivity as the top consequence of a breach, followed by a disruption of revenue-generating activities.
The primary cause for the most severe security breaches remains unintentional in nature and is typically caused by human error. This demonstrates a need for greater employee training and deeper knowledge of technology functions.
Almost all U.S. respondents (87%) note improvements in security when their organizations provide security training for non-IT employees, notably through increased awareness and proactive risk identification. However, relatively few respondents say this type of training decreases the severity of incidents when they do happen.
The number of organizations where IT security certification is required continues to grow—particularly for current employees (32% in 2008 compared to 20% in 2006).
Most respondents feel that IT security certification for IT staff improves security, especially through risk identification and quick response to security issues. This doesn't always translate to better corporate policy though. Less than half of respondents feel certification leads to better security policies, which suggests many corporations fail to recognize the need for a comprehensive security strategy.
The study was based on responses from more than one thousand IT professionals responsible for security at their organizations answered the questionnaire. Respondents were from the United States, Canada, the United Kingdom, and China and represented a wide range of industries including Education, Financial Services, Government, Healthcare and IT.
Only registered users can write comments.
Please login or register. |
