
10:30 AM

Ponemon Auditors' Survey Reveals Poor Opinion Of Security Programs

Auditors generally take a dim view of the data security programs at organizations that they audit, according to a Ponemon Institute survey sponsored by Thales eSecurity. Only about one-third of the respondents said that the organizations are proactive in managing privacy and data protection risks. Further, three of five say they don't feel data security is a strategic priority. Fewer than half believe these organizations have sufficient resources to meet their data compliance requirements. The net outcome is that half the audits they conduct reveal serious deficiencies or compliance failures.

The survey indicated a somewhat jaundiced view of the effectiveness of regulatory requirements. Only 40 percent of the auditors said that the organizations they serve believe that compliance actually improves their data security. Two-thirds said that internal policies were a prime means for assessing data security compliance, while just over half cited regulations and laws. Fewer cited industry mandates (45 percent) and contract obligations (34 percent).

Ponemon surveyed 505 auditors, two-thirds of whom characterized themselves as internal auditors. Four of 10 work for business corporations, with the balance spread among auditing and accounting firms, IT consulting and security services companies, and government.

Internal auditors were generally more negative about their organizations' security programs than their external counterparts. For example, 51 percent of external auditors said the organizations they audit make data security a priority, compared with 38 percent of internal auditors. Business units generally control compliance budgets but are not considered the part of the organization most responsible for compliance, the auditors said.

"It's kind of like the fox guarding the hen house," said Larry Ponemon, the institute's chairman and founder. "Business units rather than the law department, IT organization or even compliance own budget, and they determine whether or not to invest in audit." The survey showed that business units control audit budget in 54 percent of the organizations, but are considered primarily responsible for audit in fewer than a quarter of the cases.
