Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Blog Archives for April 2010
2010 Security in the Trenches
April 14, 2010, 10:23 am

We just completed a survey of federal IT security professionals to examine the data protection posture of government agencies. Through the survey, sponsored by CA, we wanted to see whether or not there is consistency in the perception of rank-and-file employees and executive management as it pertains to the safeguarding of sensitive information, regulatory compliance, and the day-to-day management and execution of a security program.

What we found was interesting, and in keeping with what we’ve seen in the private sector: executives tend to view the information security programs they manage more positively than do the employees who actually carry out the plans.
That might not seem like a surprising result, but any time we can quantify what may appear to be an intuitive conclusion, it’s a helpful outcome. Progress in addressing operational challenges should be based on fact, and while trusting one’s gut may sometimes be helpful, our data suggest that the gut may not always be reliable. As the old saying goes, “trust, but verify.”
What we did find surprising as a result of our report, Security in the Trenches: Comparative Study of IT practitioners and Executives in the U.S. Federal Government, (available at CA’s web site) was how big some of the gaps were. Some examples:
·         While 62 percent of rank-and-file staff believed password management to be important, only 31 percent of executives agreed. That’s a 31 percent gap.
·         The importance of training and awareness for end-users and for privacy and security professionals showed gaps of 21 percent and 20 percent respectively. Sixty-two percent and 63 percent of IT staff see training of end users and security experts as very important, while only 41 percent and 43 percent of executives agree.
·         Confidence in organizational compliance with regulations such as FISMA is low among federal agencies, but rank and file employees believe a lack of leadership is to blame, while executives see the problem as poor enforcement.
The takeaway for federal agencies – but a lesson for all organizations struggling with information security challenges – is in recognizing that these discrepancies could impact an agency’s ability to properly secure their IT environment and manage risk.
Rather than trusting your gut, why not sit down with the folks in the trenches and listen to what they have to say about their experiences executing against the mandates they’ve been given? Understanding the challenges they face each day may help to better identify some of the ways you can make significant improvements in your organization’s risk management and security readiness strategy.
Let us know what you think about this report, and let us know what you've learned by talking to the pros in your trenches.
The Road to Data Breach is Paved with Good Intentions
April 19, 2010, 12:25 pm

We recently completed some new research with Accenture in which we were surprised to find that, in spite of all the attention being paid to data protection, and in spite of new and updated data protection regulations, complacency is beginning to settle in among many companies.

Yes, I said complacency.

Security (23)
Privacy (22)
global security (1)
Providers (1)