Infosec 2009: security managers concerned about end-user ignorance

Half of UK security managers are concerned about end-users' lack of security awareness, a survey has revealed.

Half of UK security managers are concerned about end-users' lack of security awareness, a survey has revealed.

In a poll of more than 700 security professionals, the biggest concerns were a lack of training (48%), an unsupportive company culture (48%), poor employee understanding of policy (46%) and a lack of defined accountability (42%).

Concerns about these obstacles to security compliance are significantly higher than traditional concerns, said the report on the joint (ISC)2 and Infosec Europe 2009 survey.

Only 22% said they are concerned about a lack of budget and 19% said they are concerned about the ability to procure the latest technology.

"The challenges are shifting from the systems to people," said John Colley, EMEA managing director for (ISC)2.

The relatively low concern about budgets suggests security continues to be viewed as a business imperative, even in the current economic climate, he said.

According to Colley, businesses have a huge task ahead to ensure employees understand what is expected of them in terms of IT security and why. "Unfortunately, security requirement are not yet well understood, or worse flouted, often with management support to get the job done," he said.

The survey found that although 60% said there were punitive consequences for non-compliance with security policy, only 2% felt those sanctions were understood by everyone.

According to Colley, many organisations are still in the early stages of improving security awareness.

"The generic programme delivered by the company intranet cannot be adequate, because one size does not necessary fit all," he said.

Colley is to give a presentation on getting the basics of security right at Infosecurity Europe 2009 at Earls Court in London on 30 April.

Infosec 2009: an essential guide for IT professionals >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close