Cisco Asks Businesses How Effective Their Security Policies Are
Nov 4, 2008 12:25 PM
Security provider Cisco conducted a two-part research study that assessed the effectiveness of IT security policies. This study, which analyzed the behavior and perceptions of 2,000 employees and IT professionals in 10 countries, found that employees engage in numerous risky behaviors at work, including the following:
• Altering security settings to bypass corporate security policies and access unauthorized sites
• Accessing unauthorized areas of networks and facilities
• Sharing sensitive corporate data with non-employees
• Sharing corporate devices with non-employees
• Losing portable storage devices
• Allowing others to "tailgate" behind them into corporate facilities
• Leaving devices with passwords to personal financial accounts and corporate systems unattended and unlocked
In addition, Cisco’s research revealed some surprising findings about the effectiveness of corporate security policies. For example:
• One in four organizations don’t have any data protection or security policies in place.
• A large gap exists between employees and IT personnel regarding security policy awareness: Between 20 percent and 30 percent more IT respondents than employees are aware of their company’s security policies.
• A communication disconnect often exists because IT personnel tend to communicates policies in an indirect, non-verbal manner (e.g., email, voicemail, memo). This lack of direct, verbal engagement contributes to the gap in IT personnel/employee security policy awareness.
• The main reason that employees don’t adhere to corporate security policies is a lack of alignment between those policies and the reality of doing their jobs.
• One in five IT professionals has experienced a data leakage incident that involved the loss of customer data.
Want to use this article? Click here for options!
© 2012 Penton Media Inc.
Today's New Product
|
Privaris Biometric Verification SoftwareIn support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization. |
advertisement
This month in Access Control
- Targeting The Customer
- Electronic Pedigrees
- One Hero Among Many
- Who? What? When? Where? Why?
- More from September's issue
Latest Jobs
advertisement