Article appeared in CIO (09/15/05) Vol. 18, No. 23, P. 60; Berinato, Scott; Ware, Lorraine Cosgrove.
Even as preventative security measures grow more sophisticated, the security industry remains loosely coordinated and decentralized, and struggles continually to keep up with the steady proliferation of threats. A recent study found that many security administrators are indifferent to government compliance regulations and are often lax about risk management: only 37 percent responded that they had an active security strategy in place. Much of the problem with cybersecurity is that the daily occurrence of multiple threats has administrators constantly scrambling to put out fires, leaving them with little time to formulate long-term strategies. Though information security remains overwhelmingly reactive, organizations are beginning to pay it more attention, as witnessed by the growing number of executive positions created to deal expressly with security. The results are tangible: the higher up in the organization the security executive position is, the better the organization’s security rating. Having high-level security executives in place also tends to align security more closely with the direction of the business. Still, companies with high-level security positions are outnumbered by those that have yet to elevate the role. Larger companies have very recently stepped up their monitoring of employees to rein in risky activities, such as instant messaging. There is also a widespread disregard for the Department of Homeland Security as a leader in cybersecurity. In dealing with government regulations, there is a pervasive ignorance about their scope and intention, as an alarmingly high number of respondents reported either that regulations do not apply to them, or that they are knowingly non-compliant. Though the number of incidents reported held steady, many of those surveyed were unsure of the extent of the damage. Similar uncertainty was reported when respondents were asked about the budgetary allotment reserved for security, and 16 percent were unsure if their security budgets would increase or decrease in the future.