Professional Documents
Culture Documents
Previous
Next
DOWNLOAD PDF
MAY 2014
Next
Previous
2014 Strategic
Security
Survey
Previous
Next
Previous
Subscribe
Next
Register
Previous
Next
Previous
Next
Previous
Next
Previous
Download
Subscribe
Next
Register
Previous
Next
DOWNLOAD PDF
Previous
Next
Previous
Next
Next
Previous
Download
Subscribe
Cutting-Edge Security
The top names in security come
together for Black Hat six days
of learning, networking, and
high-intensity skills building. Back
for its 17th year, Black Hat USA
will take place Aug. 2-7 at Mandalay Bay in Las Vegas. Click here for
more information.
Register
Previous
Previous
Previous
Next
informationweek.com
Next
Next
@mdavisCEO
Register
Previous
Next
Previous
Next
Previous
Next
Previous
Download
Subscribe
informationweek.com
Next
J
Perfect Forward
Secrecy: The Next
Step in Data Security
DOWNLOAD NOW
J
Internet Trust MarksBuilding Confidence
and Profit Online
DOWNLOAD NOW
J
Reducing the Cost
and Complexity of
Web Vulnerability
Management
DOWNLOAD NOW
J
The Shortcut Guide to
Protecting Against Web
Application Threats
Using SSL
DOWNLOAD NOW
Register
Previous
Next
Next
Previous
Next
Previous
Previous
Download
Subscribe
informationweek.com
Next
Strong passwords
52%
End-user security awareness training
49%
Log analysis, security information management, or vulnerability analysis and research
33%
Virus and worm detection and analysis
29%
Multifactor authentication
29%
24%
13%
Researching new threats
12%
Secure development processes or source code auditing
11%
DevOps
5%
Writing or preparing written responses to audit items
5%
Offensive security program
4%
Attacker attribution
3%
Data: InformationWeek 2014 Strategic Security Survey of 536 business technology and security professionals at organizations with 100 or more
employees, April 2014
May 2014 5
Register
Previous
Next
Previous
Next
Previous
Next
Previous
Download
Subscribe
Next
Yes
Not sure
26%
18%
56%
No
Data: InformationWeek 2014 Strategic Security Survey of 536 business technology and security professionals at organizations with 100
or more employees, April 2014
informationweek.com
May 2014 6
Register
Previous
Next
Next
Previous
Next
Previous
Previous
Download
Subscribe
Next
informationweek.com
2013
41%
23%
Yes, a minor threat
42%
50%
Not yet, but they will
12%
19%
No
5%
8%
Data: InformationWeek Strategic Security Survey of 536 business technology and security professionals at organizations with 100 or more
employees in April 2014 and 1,029 in March 2013
Register
Previous
Next
Next
Previous
Next
Previous
Previous
Download
Subscribe
informationweek.com
Next
is that you generate data volumes that conventional SIEM systems simply cant handle.
SIEM and log analysis vendors know this, and
theyre all talking about big data and a new
approach to analysis. None of the major providers has mastered the volume, however,
which explains why respondents are building
their own analysis systems.
Even after you make sense of your security
big data, taking advantage of it requires a
response team that can actively manage incidents as theyre discovered. Just a few years
ago, few organizations we worked with had
incidence response groups, so were excited
to see that 72% of respondents have (58%) or
are building (14%) such teams. This is an important trend; the ability to assess a threat and
respond quickly is paramount.
Maybe youre among the 28% of companies
with no plans for an incident response squad
heck, maybe you dont have a security team
at all but are an IT professional wearing multiple hats. If so, perhaps you considered buying
cyber-risk insurance in the past year; we saw a
nine-point increase, to 26%, in the percentage
of respondents with cyber-risk policies, and our
anecdotal data from talking with security professionals is that most companies are at least
talking with insurance providers. Look for this
Formal Approach
Does your organization have a formal security operations center or team that actively manages security incidents and
events as they are generated?
No
28%
58%
Yes
14%
No, but we are building one within the next year
Data: InformationWeek 2014 Strategic Security Survey of 536 business technology and security professionals at organizations with 100 or more
employees, April 2014
Register
Previous
Next
Previous
Next
Previous
Previous
Download
Subscribe
informationweek.com
Next
Sufficient Staffing?
Please rate your agreement with this statement: We have or can easily hire enough skilled people to meet
the threats our organization will face this year.
Strongly disagree
Strongly agree
14%
34%
11%
41%
Somewhat agree
Somewhat disagree
Data: InformationWeek 2014 Strategic Security Survey of 536 business technology and security professionals at organizations with
100 or more employees, April 2014
by leveraging a variety of processor and operating system features. EMET 4.1 would have
mitigated the latest Internet Explorer zeroday attack that affected all versions of Windows. It also protects Office, Adobe, and other
applications.
And while youre at it, use 64-bit Windows.
Many exploits just dont work in 64-bit environments, yet the move to 64 bit isnt going
as fast as it should, with some IT folks blaming their foot-dragging on hardware compatibility issues. Thats hogwash.