ISSE 2008 Information Security Status


Published in: Technology, News & Politics

  1. Information Security Status in Organisations 2008. Anas Tawileh, Jeremy Hilton, Stephen McIntosh, Cardiff University
  2. Outline
      • Methodology and Approach
      • Survey Findings
      • Feedback
      • Summary and Discussion
  3. Methodology and Approach
      • Structured approach to questionnaire design
      • Based on the Information Assurance Model
      • Model describes a desirable state of information assurance in organisations
      • Open-ended question added to elicit feedback
  4. Respondents’ Profile
  5. Respondents’ Profile
  6. Organisation Sector
  7. Information Security Requirements
  8. Data Backup
  9. Privacy and Integrity
  10. Measures Against Internal Misuse
  11. Respondents’ Feedback
      • “My goals as IT supervisor and management goals are not always the same, management is worried about sales/profits, and not security.”
      • “It would be nice to know how many "no's" one selected out all questions to slam it in the face of those opposing any IT security.”
  12. Respondents’ Feedback
      • “I am concerned. I am the one and only who is concerned. After hours, anyone who somehow got admitted into our offices could walk out with a laptop sitting on the reception desk containing practically all the confidential info we have. Refusal to invest in a steel cable.”
  13. Summary and Discussion
      • A significant gap exists between large organisations and their smaller counterparts in the adoption of information security
      • Organisations seem to focus more on confidentiality and authentication
      • Privacy (still) is a growing concern
  14. Summary and Discussion
      • Organisations are not very well prepared to satisfy the requirement for external collaboration
      • Over-reliance on technical measures
      • Little attention is paid to the human aspect of security
  15. Thank You.