Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Blog Archives for November 2009
eGov Initiative Not Without Risk to Citizen Data
November 19, 2009, 7:36 am

The eGovernment movement is a good thing, and maybe too long in coming given how many years businesses have been taking advantage of technology to provide convenience and a higher quality of service to their customers. Constituent services have been available online for years, certainly, but only recently has the effort to modernize government been policy.

Yet the push to digitalize federal agencies is not all photo ops and campaign sound bites. There’s risk involved, and unless that risk is acknowledged and addressed up front, the information that our government collects about its citizens – information we are often compelled to provide – may be in danger of compromise to negligence, malicious insiders, or cyber criminals.
That conclusion is not only one that any rational observer of data security and data privacy issues could have drawn through simple deduction, but it has been confirmed by a recent study the Ponemon Institute conducted.
Sponsored by CA, we talked to more than 200 senior IT professionals working for a variety of federal agencies to gauge their feelings and confidence related to the kinds of technologies being adopted by the feds and how data security might be affected. The results, as released in our Cyber Security Mega Trends study?
§ 79% of respondents see the rise in the use of collaboration tools as significantly increasing the storage of unstructured data sources that contain confidential or sensitive information that is not adequately protected or secured.
§ 71% of respondents believe that cyber terrorism is on the rise and this trend poses a very serious threat to the protection of proprietary systems as well as our nation’s critical infrastructure.
§ 63% see the mobility of the government workforce as contributing significantly to endpoint security risks as a result of a plethora of insecure mobile data-bearing devices that are susceptible to malware infections and botnet attacks.
§ 52% of respondents say that Web 2.0 applications such as social networking, social messaging, blogging and wikis contribute to the leakage of confidential or sensitive information as well as susceptibility to malware and botnet attacks.
It all adds up to an acknowledgement on the part of those individuals tasked with managing and protecting citizen data that there’s a great deal of risk involved in the digitization of federal processes. That doesn’t mean that we shouldn’t continue to make progress in dragging constituent services into the 21st Century, but what it does mean is that these eGov initiatives must be undertaken with proper consideration given to the security of sensitive personal information.
When we file our taxes, participate in a census, or register for one of the many benefits to which we may be entitled, we do so with the expectation that our public servants will give proper care and respect to the information entrusted to them.
Given the results of the Cyber Security Mega Trends study, we would all do well to question whether that trust is well placed.
Crowe Horwath & Ponemon release HITECH study
November 21, 2009, 11:49 am

I am delighted to share with you our recently completed benchmark study that focuses on healthcare organizations and their ability to comply with new regulations. Of 77 participating covered entities and business associates, 27% percent have not started or are barely aware of what they need to do, 32% are waiting for more details, 14% have a plan but are waiting for more details, and 21% are just starting to act.  This data was collected from June through October 2009. If you are affected by the HITECH Act, this benchmark study may be helpful to you.

Security (23)
Privacy (22)
global security (1)
Providers (1)