Infosec Pro's Need to Practice What They Preach

Thursday, March 10, 2011



Eric Chabrow of GovInfoSecurity had an interesting writeup regarding a poll conducted during the recent RSA conference in San Francisco.

The poll was conducted by security software provider Ipswitch, and though the number of respondents was small in comparison to the overall conference attendance, the results are nonetheless interesting.

Ipswitch asked conference attendees about the use of employee's personal email in the course of doing business - a taboo practice repeatedly remarked upon as being an enterprise security threat.

The results of the poll of 134 respondents are as follows:

  • 26% - My company does not monitor what I send via personal e-mail.
  • 19% - The files are too large to send from my work e-mail.
  • 15% - It's difficult to connect to work e-mail when outside of the office.
  • 10% - Personal e-mail is significantly faster and more convenient.
  •  8% - I send business documents to myself for use at my next place of employment. 

Ipswitch also asked about attitudes regarding insider threats and the impact of the WikiLeaks disclosure of classified government documents.

Surprisingly, given the level of attention the WikiLeaks breach garnered both in and outside of the information security community, the overall impression of the data loss event seems to indicate it has only had modest impact:

  • 43% - My company ignored the WikiLeaks threat.
  • 39% - My company discussed the risks, but made no major changes to the way we share and protect information.
  • 17% - My company implemented new policies and tools to protect against similar leaks.
  • 11% - My company implemented new policies to protect against similar leaks.

While the majority of respondents indicate they do practice what they preach as far as security best practices, the results of the Ipswitch poll do indicate that a significant portion of those who are assumed to be more security conscious than most still retain a certain level of complacency when it comes to security best practices.

Other results from the poll are available in Chabrow's full article at GovInfoSecurity:


Possibly Related Articles:
Enterprise Security
Email RSA Insider Threats Best Practices Headlines report Employees Infosec
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.