Welcome to the SecAware blog

I spy with my beady eye ...

11 Jan 2010

Privacy/security awareness

A report from Government Technology caught my eye this morning: CSI Computer Crime and Security Survey Shows Poor Security Awareness Training in Public and Private Sectors. "Mmmm, looks interesting" I thought, especially when I saw this:

"But respondents also expressed even greater concern over a perceived lack of proper security awareness training for users at endpoints. A whopping 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.

"I think that's too bad it is that way, but consider that you could cut half of the losses simply by taking care of that problem," Richardson said.

Twenty-five percent of respondents said more than 60 percent of financial losses came from accidental breaches by insiders, not external hacks, and 16.1 percent said 81 to 100 percent of all losses came from accidental breaches as well."

So, less than 60% of organizations surveyed spend at least 1% of their 'security budget' (whatever that means) on 'awareness training' (whatever that means also). I can't say I'm surprised by that but I'd like to know more and check the original source for details.

The GovTech report didn't include a link to the survey, merely a link to the CSI website. There's an obvious link to the survey on CSI's home page, but Heuston we have a problem: it seems the only way to obtain the survey is either to purchase membership of CSI, for over US$200, or obtain a 'free preview' of the report .... which requires me to enter a bunch of personal information.

If, as the GovTech article, suggests there really is a problem with security awareness, it seems rather ironic that the CSI report is not freely available to all without invading our privacy. The report sounds like it might be useful from an awareness perspective but not at that price.

Similar surveys are freely available from many other organizations. Guess I can live without CSI's.

No comments:

Post a Comment