Monday, June 22, 2009

Survey: 20% of IT security professionals cheat on audits

A survey of IT security managers and technical staff has revealed that 20% admit to cheating on an audit to get it passed.

Tufin conducted the survey, part of its annual “Reality Bytes” security survey, among 151 IT security professionals, many of them from multinational organizations and government departments employing 1000 to 5000+ employees.

The survey found that 63% of companies check and audit their firewalls only at intervals of between 3 months and a year, with a staggering 9% never bothering to check their firewalls at all. 51% admitted that their firewall rules are a mess.

The survey also found that 22% of firewall audits take anything from a few weeks to a few months, with 70% saying that their audits take a few days.

From a security perspective, however, audits that are undertaken infrequently and take a long time to conduct can mean that many companies have firewalls that, at best, are running under par and, at worst, contain shadowed or obsolete rules that introduce unnecessary risk to the organization.

In the current climate, cost savings are a huge priority for most companies. In the area of IT security and compliance, however, 52% of companies revealed that their organizations have not made them focus on cost cutting at the expense of security and compliance, which remain priorities that money will be spent on. 48% report that cost cuts have impacted their compliance efforts.

