funsec mailing list archives
Six Years Later CIOs Still Clue-less
From: Gary Warner <gar () askgar com>
Date: Wed, 27 Jun 2007 18:19:10 -0500
In 2000, Robert Half (RHI) did a survey of 1,400 Chief Information Officers, and asked them the question: "Are you confident that your firm's corporate networks are safe from internal and external security breaches?" 91% said they were confident their companies' networks were secure. Their answer was mocked by many security professional's in this Dan Verton ComputerWorld article of January 8, 2001. http://www.computerworld.com/managementtopics/management/story/0,10801,55981,00.html Who would have believed that such an answer could still be given today, after all the advances in Information Security Awareness? Imagine my surprise when I was going through my newspaper clippings this evening. Wednesday, June 27, 2007. USA Today. Page B-1, the front page of the MONEY section. Bottom left corner. --------------- A pie chart on a computer that's been pierced with a padlock. Title: CIOs confident about security Are you confident that your firm's corporate networks are safe from internal and external security breaches? Confident: 96% Not confident: 4% Source: Robert Half Technology survey of 1,400 chief information officers of companies with 100 or more employees. ----------------- A few possible explanations to this: (1) The USA Today does not specify on what planet the survey was conducted. (2) The CEOs was in the room when the CIOs were asked the question. (3) It was such a slow news day at USA Today that they decided to rehash a six year old survey, presenting the facts in the most mis-leading way possible. The actual survey results for this question, as revealed in the PRNewswire story of December 29, 2000, were that 36% were "very confident" and 55% were "somewhat confident" that there networks were secure. That would make the pie chart look more like (64% express some doubt) (36% express little doubt) to me! The original PR piece also quoted RHI Exec Katherine Spencer Lee as using the evidence to warn folks that even if they "believe they aren't likely targets for hackers, they should be prepared". If there was a survey since the one in December 2000, I couldn't Google it up, but would love to see it if anyone has a copy. _-_ gar _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Six Years Later CIOs Still Clue-less Gary Warner (Jun 27)