MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Reshaping Financial Services IT: CIO Best Practices for the Shift Toward Mobile

Speakers:
Dr. Larry Ponemon, Chairman, Ponemon Institute
Ojas Rege, VP Strategy, MobileIron

Session Times:
April 1st 8:00 AM PDT (San Francisco) / 4:00 PM BST (London)
April 2nd 9:00 AM HKT (Hong Kong) / 6:00 PM PDT (San Francisco)

Widespread consumer adoption of mobile technology has set in motion a fundamental shift within financial services organizations. CIOs are learning to leverage the power of mobility to deliver a strategic business advantage by helping their firms become more efficient and flexible. For the first time, MobileIron will share data from a Ponemon Institute survey of 400 financial services organizations about the future of BlackBerry, BYOD, apps, and governance. Join MobileIron VP of Strategy Ojas Rege and Ponemon Institute Chairman and Founder Dr. Larry Ponemon for a practical and “eyes-wide-open” look at the issues CIOs and CISOs in financial services will need to address as mobile becomes a fundamental part of their computing environment.

Key topics include:
• Financial services mobile adoption forecasts
• Trends in migration to multi-OS environments
• Dependencies for successful mobile strategy deployment
• Implications of user experience and security

This session will be recorded and available for replay.

 


Blog Archives for April 2010
2010 Security in the Trenches
April 14, 2010, 10:23 am

We just completed a survey of federal IT security professionals to examine the data protection posture of government agencies. Through the survey, sponsored by CA, we wanted to see whether or not there is consistency in the perception of rank-and-file employees and executive management as it pertains to the safeguarding of sensitive information, regulatory compliance, and the day-to-day management and execution of a security program.

What we found was interesting, and in keeping with what we’ve seen in the private sector: executives tend to view the information security programs they manage more positively than do the employees who actually carry out the plans.
 
That might not seem like a surprising result, but any time we can quantify what may appear to be an intuitive conclusion, it’s a helpful outcome. Progress in addressing operational challenges should be based on fact, and while trusting one’s gut may sometimes be helpful, our data suggest that the gut may not always be reliable. As the old saying goes, “trust, but verify.”
 
What we did find surprising as a result of our report, Security in the Trenches: Comparative Study of IT practitioners and Executives in the U.S. Federal Government (available at CA’s web site), was how big some of the gaps were. Some examples:
 
· While 62 percent of rank-and-file staff believed password management to be important, only 31 percent of executives agreed. That’s a 31 percent gap.
· The importance of training and awareness for end-users and for privacy and security professionals showed gaps of 21 percent and 20 percent respectively. Sixty-two percent and 63 percent of IT staff see training of end users and security experts as very important, while only 41 percent and 43 percent of executives agree.
· Confidence in organizational compliance with regulations such as FISMA is low among federal agencies, but rank-and-file employees believe a lack of leadership is to blame, while executives see the problem as poor enforcement.
 
The takeaway for federal agencies – but a lesson for all organizations struggling with information security challenges – is in recognizing that these discrepancies could impact an agency’s ability to properly secure its IT environment and manage risk.
 
Rather than trusting your gut, why not sit down with the folks in the trenches and listen to what they have to say about their experiences executing against the mandates they’ve been given? Understanding the challenges they face each day may help to better identify some of the ways you can make significant improvements in your organization’s risk management and security readiness strategy.
 
Let us know what you think about this report, and let us know what you've learned by talking to the pros in your trenches.
The Road to Data Breach is Paved with Good Intentions
April 19, 2010, 12:25 pm

We recently completed some new research with Accenture in which we were surprised to find that, in spite of all the attention being paid to data protection, and in spite of new and updated data protection regulations, complacency is beginning to settle in among many companies.

Yes, I said complacency.
