BreachExchange mailing list archives
Security Perceptions, Reality Differ-Data security controls still chosen based on anecdote, experience and peer discussions
From: Christine Fulgham <christine () opensecurityfoundation org>
Date: Mon, 11 Oct 2010 21:11:24 -0400
http://www.sundaymercury.net/news/sundaymercuryexclusives/2010/09/05/bungling-west-midlands-medics-lose-12-000-private-patient-records-66331-27203177/ The very nature of data security is one couched in discretion: As a matter of routine, processes are classified, and specialists in this area rarely share their company’s state secrets. Against the premise that the very nature of data security and its associated risks keep organizations from sharing critical solution steps, insurance and financial services organizations lack the metrics and raw collection capabilities necessary to objectively measure and manage this growing problem. So say the authors of a new report <http://www.imperva.com/docs/WP_Securosis_Data_Security_Survey_2010.pdf%20.>based on the “2010 Data Security Survey” published by Phoenix-based Securosis<http://www.securosis.com/>. The report is designed as an early step toward providing security managers and practitioners with practical information on the perceived effectiveness of major data security tools and techniques. The results are based on the responses of more than 1,000 security and IT professionals within organizations of all sizes and with a heavy emphasis on financial services and including health insurance as its own category. “There is a huge gap in the security industry, forcing us to rely more on anecdote and perceptions than hard measurements,” notes the report. The study also notes some disparities between the common perception that security breaches are on the rise and the reality of breach incidence. "Nearly two-thirds of organizations either didn't know if they suffered any data breach incidents, or stated that they didn't experience any," the survey says. "Of those that did, 46% saw a decline in breaches, while 27% reported the same number of breaches from the previous year." The survey results indicate that organizations do not invest equally in data security- financial services and government invest most in data security personnel, with healthcare, retail, and manufacturing investing relatively less (note that the authors only performed this analysis for some of the verticals surveyed). Other Key Findings [...]
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Take CREDANT Technologies short survey on cloud usage and security. Take the survey: http://www.surveymonkey.com/s/TXDR7WT Respond by October 12, 2010. Enter to win a $500(US) Amazon Gift Card.
Current thread:
- Security Perceptions, Reality Differ-Data security controls still chosen based on anecdote, experience and peer discussions Christine Fulgham (Oct 13)