Information Security Survey in Slovak Republic 2008
We’ve come to the third year of the Information Security Survey in Slovak Republic and we may once again compare and evaluate which paths information security has taken since the last survey in 2006. Because we can now compare our results with those of the Information Security Survey in Czech Republic 2007, we may get at least a basic idea of preparedness and information security development across the whole territory of the EU, with all the risks, threats and possibilities which this integration brings with it.
After studying the survey results and the authors’ comments on individual points, the reader may get the impression that the basic threats and resulting risks have not changed here at all, despite the high-tech boom and the society-wide development. This could also indicate possible reasons why a fifth of the companies taking part in the survey have still not performed a risk analysis and why most of the respondents do not have a role in place focused primarily on information security. However, a plausible explanation for this is that the current preparation for Euro-conversion in corporate information systems has wholly overshadowed other internal projects.
Today, in dynamic and fast-changing times where some companies vanish from the market before they even have a chance to identify their information security threats, it is good that there are at least basic security rules and accepted practices which others can follow and which point the way towards improved and higher-quality security, always respecting the financial considerations. In practice, high-quality information security management always encounters an unexpected obstacle, as we recently saw in the example of information leakage from leading and prosperous companies, which came as a surprise to everybody.
Consequently, if the reason cited as the most significant for improving information security is the need for personal and business data protection, we move on to those companies where applied information technologies solely play the role of an enabler of the above protection, as was initially intended. The responsible employees now have a clearer objective but, on the other hand, it is seldom easy for them to substantiate the extent of investments in these technologies. This situation is also supported by the expectations of IT managers, as indicated in the survey, that security staff combine information security expertise with effective communication with top management.
The partners in this year’s survey – Ernst & Young, the National Security Authority SR, the magazine DSM – Data Security Management and TATE International Slovakia – believe that the readers and users of this survey’s results will have time to stop, look back and choose from the survey interesting and necessary information in order to identify their objectives in heading towards the ideal state of information security.
THE MAIN FINDINGS
- In 2008, 92% of Slovak companies taking part in the survey asserted that information security was important, whereas 18% of them still assessed their state of information security as poor or inadequate.
- Data security, data protection, the rapid pace of developments in IT and concerns about attacks were cited by companies as the factors most motivating them to invest in information security.
- 83% of companies do not employ a specialist whose priority role is to focus on information security.
- Employees who are actively engaged in information security earn on average around SKK 43,000 (€ 1,427.34), which is a substantial increase on the previous survey carried out in 2006.
- What the companies value most with regard to their information security staff includes understanding of related issues, IT technologies and their flexibility. On the other hand, they lack expertise in financial management and the ability to communicate effectively with the management.
- It is common practice to integrate information security within IS/IT departments. Only in 18% of cases do companies plan an average budget for security issues; predominantly, this represents 10% of the overall budget for IS/IT. Barely a third of companies then calculate any return on their investment in information security.
- 65% of companies have security policies in place, which in 43% of cases are regularly redesigned and updated. More and more companies implement policies of intermediate extent, in preference to both long-term and short-term policies.
- Most companies are subject to their own internal standards or to those of their parent companies.
- The major identified threats are seen to be those posed by power outage, SPAM or hardware malfunction.
- Compared to 2006, issues relating to computer viruses have begun to reduce in severity.
- The greatest challenges recently faced by the respondent companies are Euro-conversion and the implementation of new operating systems.
- Up to 34% of companies have no system in place for monitoring security incidents and more than a quarter have no appropriate formal procedures in place.
- There is a growing number of companies that have drawn up and prepared Disaster Recovery Plans and the majority of them update and test them on a regular basis.
- The main priorities for information security are solving problems which companies have already identified. The development of new IT solutions is no longer a significant priority and, similarly, reduced emphasis is placed on analyses and findings of audits or recommendations of suppliers.
- Almost 20% of companies have never performed an IS risk analysis.
- A third of companies resolve their information security issues at their own expense and two-thirds turn to external suppliers for their solutions. An insignificant percentage has no dealings in this area at all.
- Compared to 2006, the share of companies that are able and permitted to use an electronic signature dropped from a third to a quarter. The same number has no plan to introduce electronic signatures at all. The lack of applications supporting electronic signatures and their random acceptance by the state represent the main obstacles to their introduction into practice.
- A faster pace for the development of information security is impeded by a low level of security awareness and high associated costs.
- Banks and financial institutions still represent the leaders in the information security area, along with IT companies which deliver outstanding results.
"Source PSIB SR ´08, Ernst & Young, NBÚ SR, DSM – data security management, TATE International Slovakia."
© PSIB SR ´08, Ernst & Young, NBÚ SR, DSM – data security management, TATE International Slovakia
Used Sources:
"Source PSIB SR ´06, KPMG Slovensko spol. s r.o., DSM – data security management, NBÚ SR"
"Source PSIB SR ´04, KPMG Slovensko, DSM – data security management, NBÚ SR"







