<![CDATA[Blog]]> http://www.ponemon.org/ Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Security of Cloud Computing Users 2013 Study ]]> http://www.ponemon.org/blog/new-security-of-cloud-computing-users-2013-study-confirms-conflicting-views-on-cloud-security-responsibility  

Today we are releasing a very interesting follow up study on how organizations are improving--or not--their cloud security practices. The Security of Cloud Computing Users study shows that when it comes to cloud computing the glass may be half full or half empty because only half or less of respondents have positive perceptions about how their organizations are adopting cloud security best practices and creating confidence in cloud services used within their organization. A significant finding is that only 50 percent of respondents are engaging their security team (always or most of the time) in determining the use of cloud services. We hope you will read the complete report to learn about changes in cloud computing security. Access the full Ponemon Research: 2013 Security of Cloud Computing Users Study
Highlights: View key takeaways in this infographic

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Risk of Insider Fraud: Second Annual Study]]> http://www.ponemon.org/blog/risk-of-insider-fraud-second-annual-study Today we released a new study entitled the Risk of Insider Fraud: Second Annual Study . The research reveals that the number of employee-related incidents of fraud continues to remain high. However, only 44 percent of IT and IT security practitioners say their organization views the prevention of insider fraud as a top security priority and this perception has declined since we first conducted this study in 2011. Contributing to the insider risk is BYOD, employee access of enterprise systems from remote locations and lack of security protocols over edge devices. Some suggestions to address these risks include making training and awareness an important component of a security initiative and monitoring access privileges. These privileges also need to be appropriate for the employees’ role and responsibility. We hope you will read the full report that discusses the challenges organizations face in minimizing the risk of the malicious and negligent insider. To find out more, visit http://www.attachmate.com/assets/Ponemon_2012_Report.pdf

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[The Post Breach Boom]]> http://www.ponemon.org/blog/the-post-breach-boom Data breaches have become a fact of life for organizations of all sizes, in every industry and in many parts of the globe. While many organizations anticipate that at some point a non-malicious or malicious data breach will occur, the focus of this study is to understand the steps organizations are taking to deal with the aftermath of a breach or what we call the Post Breach Boom. Sponsored by Solera Networks, we conducted The Post Breach Boom study to understand the differences between non-malicious and malicious data breaches and what lessons are to be learned from the investigation and forensics activities organizations conduct following the loss or theft of sensitive and confidential information. The majority of respondents in this study believe it is critical that a thorough post-breach analysis and forensic investigation be conducted following either a non-malicious or malicious security breach. To download the report, please click http://pages.soleranetworks.com/ponemon.html

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Efficacy of Emerging Network Security Technologies ]]> http://www.ponemon.org/blog/efficacy-of-emerging-network-security-technologies  

One of our latest studies is the Efficacy of Emerging Network Security Technologies our objective is to learn about organizations’ use and perceptions about emerging network security technologies and their ability to address serious security threats.  The emerging technologies examined in this study include next generation firewalls, intrusion prevention systems with reputation feeds and web application firewalls. Some interesting findings include:  Securing web traffic is by far the most significant network security concern for the majority of organizations. However, the majority of respondents say network security technologies fall short of vendors’ promises. Almost half (48 percent) of respondents agree that emerging network security technologies are not effective in minimizing attacks that aim to bring down web applications or curtail gratuitous Internet traffic. To read a copy of the report please click http://www.juniper.net/us/en/dm/spotlight

 

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Understanding the Methodology and Staggering Costs in the Annual Cost of Failed Trust Report]]> http://www.ponemon.org/blog/understanding-the-methodology-and-staggering-costs-in-the-annual-cost-of-failed-trust-report Some staggering numbers

Every Global 2000 enterprise faces a total exposure of almost U.S. $400 million over 24 months due to new and evolving attacks on failed cryptographic key and digital certificate management. And adjusting for probability established by survey participants, we found every enterprise risks losing $35 million.
This findings cap our First Annual Cost of Failed Trust Report: Trusts and Attacks, which quantifies, for the first time, the financial impact of impact of new threats and attacks on our ability to control trust.

Complete study is available - http://www.venafi.com/ponemon-institute-first-annual-cost-of-failed-trust-report/?ls=mb&cid=70150000000KIkw

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[2012 Most Trusted Companies for Privacy]]> http://www.ponemon.org/blog/2012-most-trusted-companies-for-privacy Do we still care about privacy? According to our annual study on privacy trust, more and more of us do care. Our biggest privacy concerns are the fear of identity theft and government intrusions into our personal lives. 

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Third Annual Patient Privacy & Data Security Study Released]]> http://www.ponemon.org/blog/third-annual-patient-privacy-data-security-study-released Could BYOD increase the risks of a healthcare data breach and medical identity theft? The third annual study on Patient Privacy and Data Security reveals the explosion of mobile devices used in healthcare organizations.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[2013 State of the Endpoint]]> http://www.ponemon.org/blog/2013-state-of-the-endpoint Sponsored by Lumension, the 2013 State of the Endpoint is our third annual study that tracks endpoint risk in organizations, the resources to address the risk and the technologies deployed to manage threats.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Edelman Privacy Risk Index]]> http://www.ponemon.org/blog/edelman-privacy-risk-index We are very pleased to introduce the Edelman Privacy Risk Index developed in collaboration with Ponemon Institute.  The Index provides a high level risk coefficient specified for various sized business organizations. The Index is derived from Meta analysis of Ponemon research involving more than 6,400 individuals located in 29 countries.  Here is the link to the online calculator:  http://www.edelman.com/privacy-risks/

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition sponsored by Silver Tail Systems ]]> http://www.ponemon.org/blog/2012-web-session-intelligence-security-report-business-logic-abuse-edition-sponsored-by-silver-tail-systems  


 

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Second Annual Patient Privacy Study Released]]> http://www.ponemon.org/blog/second-annual-patient-privacy-study-released Widespread use of mobile devices is putting patient data at risk, according to the latest Ponemon Institute research on healthcare providers' patient privacy practices.While 81 percent of respondents say employees in their healthcare organizations are using mobile devices to collect, store and/or transmit some form of PHI, 49 percent admit their organizations are not doing anything to protect these devices. To download a copy of the report click here:  http://www2.idexpertscorp.com/ponemon-study-2011/.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Best Practices in Data Protection Study Released]]> http://www.ponemon.org/blog/best-practices-in-data-protection-study-released  Sponsored by McAfee, the Best Practices in Data Protection survey is our latest effort to find out what separates the best organizations from the rest. We believe this study is important because it provides insights on how organizations can be more successful when investing in and building a data protection program. The study's findings reveal five success factors in a data protection program:

  1. A formal data protection strategy for the organization and metrics to determine if the strategy is effective.
  2. Key metrics from a management console and observation and regular testing of data protection solutions.
  3. Data protection technology features that focus on privileged users, restriction of access and outbound communications are considered critical
  4. Centralized management of the data protection program with such features as actionable information, policy administration, reporting, automatic securing of endpoints and monitoring.
  5. Automated policies for detection and prevention of end-user misuse of information assets. 

To download the complete report click here:  <https://prod.secureforms.mcafee.com/content/verify?docID=3E46E43C-2252-487A-885B-4C5F125DFB60&cid=WB290&aName=DP&src=web&aType=report®ion=us>

 

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Second annual cost of cyber crime study is released]]> http://www.ponemon.org/blog/second-annual-cost-of-cyber-crime-study-is-released Today we released our Second Annual Cost of Cyber Crime Study.  Our findings support other research studies suggesting increases in the frequency, severity and overall cost of cyber attacks on private and public sector organizations. Our study is sponsored by HP ArcSight.  I would be very pleased to discuss this year's findings, framework and research methods.  Please feel free to call us directly or send an email to research@ponemon.org to schedule a one-to-one meeting.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Most trusted companies for privacy]]> http://www.ponemon.org/blog/most-trusted-companies-for-privacy Ponemon Institute is releasing our annual Most Trusted Companies for Privacy study this coming week.  This is the eighth year that we conducted a U.S. national consumer study that determines the organizations believed to be most committed to protecting and securing personal information.  Our research also determines the underlying factors that consumers perceive as most important or influential to their trust ratings.   For more information, please contact research@ponemon.org.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Ponemon Releases Cloud Service Provider Study]]> http://www.ponemon.org/blog/ponemon-releases-cloud-service-provider-study Last week with CA Technologies we issued the results of a study of cloud service providers and their views on cloud security. There has been a lot of interest in this study. Readers have reviewed the results and responded with some very good questions and comments. In a nutshell, people – including us – were surprised by the results, which showed that cloud providers didn’t put security as the No. 1 concern in providing their services.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Are we taking adequate steps to protect the critical infrastructure?]]> http://www.ponemon.org/blog/are-we-taking-adequate-steps-to-protect-the-critical-infrastructure Last week I presented the results of our latest study entitled, "The State of IT Security: A Study of Utilities and Energy Companies." Sponsored by Q1 Labs, this research revealed that utilities and energy companies in our study are more concerned about preventing downtime that stopping a cyber attack.  In addition, a majority of respondents said that compliance with standards such as NERC CIP is not a top priority.  Most surprisingly, only 16 percent of respondents believe that their organization's existing controls are designed to protect against exploits and attacks through the smart grid.  For more information about this study, please contact research@ponemon.org.

 

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Cost of a data breach climbs higher]]> http://www.ponemon.org/blog/cost-of-a-data-breach-climbs-higher Most privacy advocates and people in the data protection community believe that data breach costs will start coming down eventually because consumers will become somewhat immune to data breach news. The idea is that data breach notifications will become so commonplace that customers just won’t care anymore.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Listen to a new podcast on the True Cost of Compliance study]]> http://www.ponemon.org/blog/listen-to-a-new-podcast-on-the-true-cost-of-compliance-study Dear friends and colleagues,

Please listen to a recent podcast on the True Cost of Compliance study completed last month.  Martin KcMeay at Network Security Blog did a great job conducting this 30 minute interview.

www.mckeay.net/2011/03/02/network-security-podcast-23/

If you would like a copy of the full report, please visit Tripwire's website as follows:

www.tripwire.com/ponemon-cost-of-compliance/

 

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Compliance Like a Club]]> http://www.ponemon.org/blog/compliance-like-a-club Have you ever noticed how some organizations wield compliance like a club when marketing their products or services? They remind you of the latest in information security regulations, such as the HITECH Act or Mass 201 CMR 17, and then menacingly predict doom for those who transgress. If you fail to comply, their messages warn like a cross schoolmarm, the boogey man will flash his regulator badge and lower the boom (unless, of course, you buy the appropriate product or service).

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Poor Privacy Practice is Ailing Healthcare Industry]]> http://www.ponemon.org/blog/poor-privacy-practice-is-ailing-healthcare-industry It has been more than six years since the ChoicePoint data breach thrust the issue of privacy protection into the headlines. Since then hundreds of information security failures have been disclosed and the tools and techniques used to keep sensitive information safe have advanced at a healthy pace. Recent incidents in the healthcare industry, however, strongly suggest that best practices have not been universally adopted.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Data Center Outages and Data Management]]> http://www.ponemon.org/blog/data-center-outages-and-data-management I hear the collective sound of our friends, colleagues, and other interested parties scratching their heads at the release of the most recent piece of Ponemon Institute research, National Survey on Data Center Outages. You read that right, data center outages.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Information Governance in the Cloud]]> http://www.ponemon.org/blog/information-governance-in-the-cloud Just a brief note to bring our recent webinar to your attention.  I presented Information Governance in the Cloud along with the good people at Symantec.  The presentation is based in part on results from our earlier report, Flying Blind in the Cloud.

If you want to view the webinar, presented on the Windows Live Meeting platform, please click here.

If you have any questions or comments about this issue, our report, or the webinar, we'd love to hear from you.

Thanks!

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Integrated, Holistic Security Strategies]]> http://www.ponemon.org/blog/integrated-holistic-security-strategies Holistic is a popular word these days. Often applied to food and medicine, the word conjures images of natural, healthy living, but the word holistic refers to the function of an entity as a whole, including the interdependence of all its parts. Given this broader meaning, holistic can (and should) be applied when thinking strategically about the way a business organization operates. Successful, well-functioning organizations most adapt to change, be flexible in their relationships, and innovative in their approach to business. They must not only have the capacity to react to change, but to anticipate change and act innovatively.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Benchmarking Information Security Efficiency]]> http://www.ponemon.org/blog/benchmarking-information-security-efficiency Recently the Ponemon Institute completed a new project, the Security Efficiency Benchmark Study, the purpose of which was to learn what IT security leaders in the UK and European think are the key components to having an efficient and effective security operation. In other words, we wanted to know what is necessary for achieving data security goals and protect information assets and infrastructure.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Think Before you Cloud]]> http://www.ponemon.org/blog/think-before-you-cloud A few years ago, when wireless networking was still relatively new, there were numerous reports of enterprising employees who, frustrated with the pace of new technology integration in their workplace, took it upon themselves to deploy rogue access points – often hidden behind furniture or above drop-down ceiling panels – in order to provide convenient mobility around the office.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Fear and Loathing in Online Advertising]]> http://www.ponemon.org/blog/fear-and-loathing-in-online-advertising Have you ever seen an interactive advertisement while browsing around on the Web and, even though it was from a brand that you recognized promoting a product, service or event that you found interesting, you simply refused to click on the image because of a nagging sense of trepidation? What really lies beyond that alluring digital veil? Is the offer worth the risk? What of my digital privacy might I be giving up by responding to that message?

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[The Road to Data Breach is Paved with Good Intentions]]> http://www.ponemon.org/blog/the-road-to-data-breach-is-paved-with-good-intentions We recently completed some new research with Accenture in which we were surprised to find that, in spite of all the attention being paid to data protection, and in spite of new and updated data protection regulations, complacency is beginning to settle in among many companies.

Yes, I said complacency.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[2010 Security in the Trenches]]> http://www.ponemon.org/blog/security-in-the-trenches We just completed a survey of federal IT security professionals to examine the data protection posture of government agencies. Through the survey, sponsored by CA, we wanted to see whether or not there is consistency in the perception of rank-and-file employees and executive management as it pertains to the safeguarding of sensitive information, regulatory compliance, and the day-to-day management and execution of a security program.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Training Is the Strongest Link]]> http://www.ponemon.org/blog/training-is-the-strongest-link Today we held a RIM College event featuring three noted experts in corporate privacy training programs -- namely, Dean Forbes (Merck), Bob Posch (Merck) and John Block (Media Pro).  Our focus is: what are leading companies doing to achieve awareness and knowledge about privacy and data protection requirements?

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Sophos & Ponemon Institute Announces New Study]]> http://www.ponemon.org/blog/sophos-ponemon-institute-announces-new-study We are pleased to present The State of Privacy and Data Security Compliance study conducted by Ponemon Institute and sponsored by Sophos. The purpose of the study is to determine if various international, federal and state data security laws improve an organization’s security posture. What is the value of compliance and does it correlate with the value of the compliance effort?

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Crowe Horwath & Ponemon release HITECH study]]> http://www.ponemon.org/blog/crowe-horwath-ponemon-release-hitech-study I am delighted to share with you our recently completed benchmark study that focuses on healthcare organizations and their ability to comply with new regulations. Of 77 participating covered entities and business associates, 27% percent have not started or are barely aware of what they need to do, 32% are waiting for more details, 14% have a plan but are waiting for more details, and 21% are just starting to act.  This data was collected from June through October 2009. If you are affected by the HITECH Act, this benchmark study may be helpful to you.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[eGov Initiative Not Without Risk to Citizen Data]]> http://www.ponemon.org/blog/egov-initiative-not-without-risk-to-citizen-data The eGovernment movement is a good thing, and maybe too long in coming given how many years businesses have been taking advantage of technology to provide convenience and a higher quality of service to their customers. Constituent services have been available online for years, certainly, but only recently has the effort to modernize government been policy.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[The Goal is Credibility]]> http://www.ponemon.org/blog/the-goal-is-credibility I want to share an article with you that I think has a tremendous lesson for anyone in the business of building trust.  The article is from a recent edition of Foreign Policy (reprinted from Joint Force Quarterly), but don't let the source put you off.  Admiral Michael G. Mullen, chairman of the Joint Chiefs of Staff, writes about what it takes to establish credibility and build trust.

Admiral Mullen's perspective is different from yours and mine, but there are nuggets here that are vital no matter what your business.

 

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Archer-Ponemon Treaty for Data Governance]]> http://www.ponemon.org/blog/archer-ponemon-treaty-for-data-governance I’m still processing a lot of the information gathered, shared, and created during our 8th RIM Renaissance this past weekend in Minneapolis. One of our sessions focused on the creation of an information governance “treaty” that holds various organizational members to a high standard (consistent with our RIM principles). Please review the following draft document and let me know what you think.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Thank You, Friends of the Ponemon Institute!]]> http://www.ponemon.org/blog/thank-you-friends-of-the-ponemon-institute A warm thank you to everyone who made this past weekend's RIM Renaissance a success.  The discussions were lively and productive, and I think we all came away just a little bit smarter as a result of the candor.  We do appreciate the enthusiasm that seems to pervade these events, and the willingness to put aside your valuable time to join with us on these annual occasions, as well as the ongoing conversations that take place throughout the year.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[What We have here is, Failure to Communicate]]> http://www.ponemon.org/blog/what-we-have-here-is-failure-to-communicate Privacy pro: Do you ever feel like you are working overtime to meet overly ambitious expectations? Are you frustrated by your attempts to outline a plan for protecting sensitive personal information only to get the sense that you are talking to a brick wall?

CEO: Are you puzzled as to why the people your company has hired to address security and privacy concerns never seem to meet the objectives you have for them? Are you flummoxed by the fact that the investments you’ve made in data security aren’t helping to stem the tide of data loss? 

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[More Employees Ignoring Data Security Policies]]> http://www.ponemon.org/blog/more-employees-ignoring-data-security-policies Does it surprise you to learn that, according to our recent study, Trends in Insider Compliance with Data Security Policies: Employees Evade and Ignore Security, employee compliance with corporate data security policies is on the wane?

Why do you think this is?  I’m seeing a confluence of conditions that appear to be contributing to this challenge to data integrity: the development of new, mobile technologies that empower employees to do more while away from the office; a failure of organizations to keep pace with the ways technology is changing the dynamics of data security; and current economic conditions that are putting increased pressure on individuals to be more productive with fewer resources.

]]> Sun, 26 May 2013 01:30:57 -0400 <![CDATA[Dr. Ponemon's Blog]]> http://www.ponemon.org/blog/dr-ponemons-blog Welcome to my new blog. I look forward to sharing some of our thought provoking research. I also look forward to receiving your comments and questions. Stay tuned.

]]> Sun, 26 May 2013 01:30:57 -0400