
Information Security Survey in Czech Republic 2009


This year’s Information Security Survey in the Czech Republic (PSIB® ČR’09) is exceptional. It is now ten years since the first such survey was carried out, and the fact that this concept has endured and evolved over what is a long period of time in the world of IT is proof that PSIB® has a purpose, value and contribution for the community of people involved in information security.

 

Let us try to imagine what 10 years actually means in the dynamic environment of IT and how old the technologies are which we nowadays regard as a regular part of our lives (“dates of birth” are shown in brackets) – the Internet (1996), Linux (1994), Active Directory (2000), Java (1995), ICQ (1996), WiFi (1996). And if we add to that list the DVD, which first appeared in 1995, four years prior to PSIB®, and which has now been virtually retired from active service, we can appreciate the huge success represented by the continuous organization of the survey.

 

Naturally, this year’s survey differs considerably from the first year the survey was conducted in 1999. Many areas which were then new and exciting have been mastered and technology has moved on. To include such areas in this year’s survey would be a waste of effort, time and paper. On the other hand, there are evergreen topics which continue to represent a challenge, provoke open debate and create space for discussion: where information security should belong, whether it should have its own budget, whether it is possible to determine the return on investments made into security – these are just a few examples which will be and must be part of future surveys.

 

Unfortunately, this year’s survey is also unique in that, for the first time, we can monitor the impact of negative economic conditions, an intensive drive for efficiency accompanied by a reduction of investments in many spheres, etc.

 

All of the survey’s partners over many years, namely Ernst & Young, the National Security Authority, and the magazine DSM – data security management, hope that you find the survey interesting and thought-provoking and that it prompts subsequent debates.

 

 

 

 

THE MAIN FINDINGS

  • 69% of respondents believe that the impact of the economic crisis on information security will be zero or positive.
  • Fewer respondents now rate their own handling of information security as poor.
  • The threat of attack continues to be the most important driver of information security enforcement.
  • The number of companies in which no single employee has clearly defined responsibility for information security is declining.
  • In the vast majority of companies information security is incorporated into IS/IT divisions.
  • Generally speaking the greatest obstacle to the faster implementation of information security is low awareness of the issue as such. The proportion of companies which put this obstacle in top place above financial demands is on the increase. At the same time only 21% of organizations have introduced a functional program for increasing awareness in this sphere.
  • Increasing security awareness is also the most frequently cited activity with the potential for cost savings over the medium term.
  • Two thirds of respondents already have an established security policy.
  • SPAM and power failures remain the most frequently recorded security incidents.
  • The virtualization of servers is at present the biggest challenge facing half the companies questioned.
  • Almost two thirds of companies do not have adequate security incident procedures in place.
  • The number of organizations which have never undertaken an IS risk analysis has fallen to 16%.
  • 63% of companies resolve information security in collaboration with external firms.
  • Four fifths of companies do not have a dedicated information security budget. Expenses in this sphere are most often 1-5% of the total IS/IT budget.
  • Almost two thirds of organizations do not carry out an analysis of return on investment in security projects.
  • 66% of respondents have/plan to have information security reviewed by an external firm.
  • The most frequently outsourced part of IT is an Internet connection.
  • In almost one fifth of companies, employees spend more than 30 minutes a day on the Internet on non-work-related activities.
  • 77% of companies monitor the activities of their employees on the Internet.
  • Only 5% of companies do not use and are not planning to use an electronic signature in the future.
  • 14% of organizations are not able to say what the advantages of using an electronic signature are.
  • More than half of those questioned believe that the impact of the Personal Data Protection Act on information security is zero or negligible.
  • 74% of companies rate the level of information security in the Czech Republic as the same as or better than in Western European countries.

 

"Sources: PSIB ČR ‘09, Ernst & Young, NBÚ, DSM – data security management"

2009 © Ernst & Young, NBÚ, DSM – data security management


 
TATE International s.r.o.
Hořejší nábřeží 21
150 00 Praha 5

Tel: 257 920 319-20
Fax: 257 313 695
e-mail dsm@dsm.tate.cz
DSM is a professional quarterly focused on information security and data protection. Its mission is to bring readers an up-to-date overview of information and development trends in their broader legislative, social, methodological and technological context. The magazine has been published since 1997 and has been a peer-reviewed journal since 1998.