[Year 12 IT Apps] Good site for data security survey information
for U4O2
Mark Kelly
kel at mckinnonsc.vic.edu.au
Mon Aug 4 15:20:13 EST 2008
http://www.berr.gov.uk/
"BERR helps ensure business success in an increasingly competitive
world. We are the voice for business across Government.
This website provides information about the priorities and policies of
the Department for Business, Enterprise & Regulatory Reform and its
delivery partners. The site also provides a range of practical
assistance to business."
It has lots of handy reports and statistics, such as security threats
and conditions of corporate protection.
e.g.
Info security breaches survey 2008 (UK!!)
http://www.berr.gov.uk/files/file45713.pdf
in which you find that:
UK businesses:
97% have broadband connection to the internet
93% have a corporate website
54% allow staff to access their systems remotely
42% use a wireless network
17% use VoIP
5% have moved some of their IT operations offshore.
30% of companies will be using Voice over IP telephony by the end of 2008.
As a result, IT systems and information security are more important to
UK companies than ever before. For the first time, small businesses
believe security is as high a priority for them as large companies.
84% are heavily dependent on their IT systems
81% give a high or very high priority to information security
77% see protecting customer data as a very important driver of their
expenditure.
This is translating into real improvements in controls, particularly in
basic disciplines such as anti-virus and backups.
99% back up their critical systems and data.
98% have software that scans for spyware
97% filter incoming email for spam
97% protect their website with a firewall
95% scan incoming email for viruses
94% encrypt their wireless network transmissions.
Companies increasingly realise that their people, while their greatest
asset, can be their greatest vulnerability, and so need to be educated
on security risks.
With increasing awareness comes a move away from the traditional user ID
and password and towards stronger authentication techniques such as
smart cards or biometrics.
Over the last six years, the security landscape has changed dramatically.
e.g. in 2002, 2% of IT budget was spent on security. This rose to 7% by
2008.
The percentages of companies that had a security incident in the past
year ranged from 45% for small companies (averaging 6 incidents each) to
96% for very large companies (averaging over 400 incidents).
Average costs of the worst incidents ranged from 10,000-20,000 pounds
for a small business to 1-2 million for a very large business.
Virus infections have dropped 25% since 2000, but unauthorised access by
outsiders is 4 times the level reported in 2000.
Confidential information is increasingly at risk, especially in large
businesses, where:
13% have detected unauthorised outsiders within their network.
9% had fake (phishing) emails sent asking their customers for data.
9% had customers impersonated (e.g. after identity theft).
6% have suffered a confidentiality breach.
But many companies still have a lot to do:
10% of websites that accept payment details do not encrypt them.
21% spend less than 1% of their IT budget on information security.
35% have no controls over staff use of Instant Messaging.
48% of disaster recovery plans have not been tested in the last year.
52% do not carry out any formal security risk assessment.
67% do nothing to prevent confidential data leaving on USB sticks, etc.
78% of companies that had computers stolen did not encrypt hard discs.
79% are not aware of the contents of BS 7799/ISO 27001*
84% of companies do not scan outgoing email for confidential data.
(* refer to http://www.induction.to/bs7799/)
A good site for numbers and issues for U4O2!
--
Mark Kelly
Manager - Information Systems
McKinnon Secondary College
McKinnon Rd McKinnon 3204, Victoria, Australia
Direct line / Voicemail: 8520 9085
School Phone +613 8520 9000
School Fax +613 95789253
kel AT mckinnonsc.vic.edu.au
Webmaster - http://www.mckinnonsc.vic.edu.au
IT Lecture notes: http://vceit.com
Moderator: IT Applications Mailing List
If you Declare War - is it integer or boolean?