[Moderator: Sorry, I was jumpy on the send key.]
[Moderator: Please check out the URL if you are interested in any of this.
Lynx doesn't handle tables and the like too well :)]
http://www.netversant.com/hotinfo/sum.htm
The Survey
An online panel of 1,509 members was recruited in January-March of 1998
for the World Research MIS Panel. Various means were used, including
online banners, newsletter sponsorships and email campaigns.
The first survey was sent to these panelists on March 24. The subject was
NETWORK SECURITY.
584 panelists (39%) filled out all or part of the survey form during the
week the survey was active.
Click here to see the questionnaire.
Purpose
The survey was commissioned to determine attitudes and concerns about
Network Security among IT executives and professionals.
Summary of Findings
* Compliance with network security policies is spotty, on the whole.
* The majority would prefer to enforce security transparently, and also
to try to customize the security policy to the company.
+ There is also interest in restricting activities that give too
much access, but those activities dont include web access.
* Most respondents are not very concerned about the danger of firewall bypass.
* Where a firewall exists, the remaining danger mostly comes from human
factors such as employee disaffection, incompetence, and access to
secure LAN files.
+ Virus attacks continue to be a strong concern.
+ There is only average concern about intranet and dialup attacks.
+ Browser-, email-related and physical attacks, employee web
accesses, outside hackers and exotic bandwidth attacks are a
minimal concern.
+ There is NO concern about e-commerce and other Internet services.
* Usage Control: The respondents want to get to the "needle in a
haystack" isolating specific instances of misuse in volumes of usage
data. And they want to do it in real time, with a combined desktop
security and usage control product.
+ Again, employee web access and email are NOT concerns. Neither is
fancy presentation.
* The core concern about unrestricted web access is not the access
itself, but what it could open up the company to.
+ There is a concern about the cost to the company of this kind of
access, but little about the content itself.
* Interest in the subject, and satisfaction with this survey, were
evident in the extremely low opt-out figures, and the very high level
of opt-in requests for information from the survey sponsor.
Findings
Would you say your network security policies are followed by
a. There is definitely leakage here.
i. Only 23% report complete or near-complete compliance.
ii. Adding "most users" and "half of the users", we have a
majority of 60% of responses. Spotty compliance is the rule.
iii. For 22%, there is little or no compliance.
b. Amazingly, only 1% of respondents preferred not to report their
companys state of compliance. An amazing level of trust!
how effective would these be in an overall program of achieving
adequately secure operations:
[snip... I recommend checking out the rest of this page with a graphical browser.]
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
Received on Tue Apr 7 16:11:34 1998