Research
What Security Professionals Think about Encryption
In this, our first report from Dr. Larry Ponemon and the Ponemon Institute, results from a study show security professionals know what's good for them but don't embrace it.
By Larry Ponemon
Conclusion
Our study indicates that encryption is viewed by many professionals as an important security tool—which enhances the information security and overall sense of trust or comfort in their organizational data protection efforts. One of the most interesting findings is that the use of encryption seems to be motivated more by the concern over prevention of a security breach and protection of the organization's brand and reputation than by concerns over compliance. This suggests that organizations are realizing the importance of raising the bar in the area of data protection in order to maintain the trust and confidence of individuals who are providing their personal information.
Methodology
Our research was conducted independently. We developed our instrument with input from individuals with deep information security expertise and experience using encryption technologies in either government or business environments.
Our Web-based survey utilized two proprietary datasets composed of privacy and information security professionals. Both datasets require subjects to opt-in prior to making contact. All data was captured through e-mail or letter invitation to a secure extranet website. The total sampling frame included 6,298 individuals. Of these, over 91 percent were designated as information security specialists, and the remaining 9 percent were designated information privacy.
The total number of completed responses was 791, a 13 percent response rate. It is interesting to note that 81 percent of the final sample is male and 19 percent is female. Despite differences, this result is appears to be consistent with demographics from the information security sub-sample (which is predominantly male). In sharp contrast, our sub-sample of privacy professionals is skewed toward female subjects.
Sixty-five percent of the respondents were in the information security function in their organizations, 9 percent are just in privacy, and 26 percent are in both security and privacy functions. The primary person most report to is the chief information officer (36 percent) followed by the chief technology officer (30 percent). Ten percent report to the chief security officer and only 7 percent report to the chief privacy officer.
For more information about the 2006 National Encryption Study, please contact us at research@ponemon.org or call 800-887-3118.
CSO
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
