September 24, 2004 – 12:09 pm
Ernst & Young Security Survey
I don't usually take the “Big 5” seriously when the subject is information security. But this year's EY survey shows great results, fully in line with what I have been seeing out there.
Among the most interesting items is an observation about the attention given to internal and external threats. Actions aimed at the external environment get more attention from the media and from the vendors themselves, and end up getting more attention from executives even when they are less important than other actions, such as awareness programs and security in internal applications.
Quoting some interesting parts:
“The 2004 Ernst & Young Global Information Security Survey found that, although company leaders are increasingly aware of the risks posed to their information security by people within their organizations, they are not acting on this knowledge. More than 70 percent of the 1,233 organizations – representing some of the leading companies in 51 countries – failed to list training and raising employee awareness of information security issues as a top initiative.”
“The Ernst & Young survey indicates that organizations remain focused on external threats such as viruses, while internal threats are consistently under-emphasized. Companies will readily commit to technology purchases such as firewalls and virus protection, but are hesitant to assign priority to human capital.”
“While the public’s attention remains focused upon the external threats,” Bennett said, “companies face far greater damage from insiders’ misconduct, omissions, oversights, or an organizational culture that violates existing standards. Because many insider incidents are based on concealment, organizations often are unaware they’re being victimized. Too many organizations feel that information security has no value when there is no visible attack. This is a perception that has remained unchanged over the decade that Ernst & Young has been conducting this survey.”




