The security data and survey directory
Security data. Everybody needs it. Lots of companies and organizations are producing it. Here's where to find it.
IT Security Spending, Budgets & Priorities
The Global State of Information Security 2011
Conducted by: CSO, PricewaterhouseCoopers, CIO
Number of respondents: More than 12,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 130
countries.
Analysis of respondents' challenges and approaches to cloud security, secure business partner relationships, and more.
2010 results - PDF
2008 results
2007 results
2006 results
2005 results
2004 results
2003 results
2010 TMT Global Security Study
Conducted by: Deloitte's Information & Technology Risk Services practice
Sponsored by: Unsponsored
Number of respondents: Nearly 150 TMT organizations around the world.
This fourth edition of Deloitte's Technology, Media & Telecommunications Global Security Study examines key areas of security and privacy and finds that information security spending is modestly bouncing back after a decline in 2009.
Deloitte 2010 Global Security Survey: The Faceless Threat
Conducted by: Deloitte's Global Financial Services
Sponsored by: Unsponsored
Number of respondents: 350 major financial institutions.
Of 19 options, nearly half of respondents chose identity and access management as their top security initiative for 2010. The survey also examines data loss and regulatory compliance priorities.
2010 Update: What Organizations Are Spending on IT Security
Conducted by: Gartner
Sponsored by: Unsponsored
Origin of data: Information taken from a number of Gartner reports.
Efficient security will allow IT to safely cut security budgets by 3 percent to 6 percent through 2011, according to a Gartner study. Researchers say those with either very mature or recently updated security programs will save even more. Study also looks at security spending and "platforms" versus "best of breed" options.
Insights from
Deloitte's 2009 Global Shared Services Survey
Conducted by: Deloitte
Sponsored by: Unsponsored
Number of respondents: 265 shared services leaders representing 702 individual shared services centers with a median annual revenue of $10.5 billion.
Cost reduction was highlighted in this survey: 72 percent of respondents said it was one of their top three priorities over the next 2 years. Also, 57
percent plan to increase the number of advisory processes in shared services in the same period.
Information Security Spending Survey: 2009 Results
(Impact of the Recession)
Conducted by: Joint effort between MetroSITE Group and Pacific Crest Securities.
Sponsored by: Unsponsored
Number of respondents: 53 top security professionals worldwide.
Governance, compliance, mobility and identity and access management will continue to receive funding, according to a 2009 survey. IT security spending is primarily being driven by compliance, followed by threat reduction and brand protection.
2010 Top Five Total Rewards Priorities Survey
Conducted by: Deloitte Human Capital
Sponsored by: Deloitte and the International Society of Certified Employee Benefit Specialists
Number of respondents: 292 diverse employers.
A look at job security and other employee/employer priorities during the 2010 financial crisis.
Physical Security, Fraud and Loss Prevention
Report to the Nation
Conducted by: Association of Certified Fraud Examiners
Sponsored by: Unsponsored
Origin of data: Based on 959 cases of occupational fraud reported by the CFEs who investigated and resolved them.
2008 study examines occupational and other fraud incidents—it finds the typical occupational scheme lasts 2 years and results in a median loss of $175,000.
National Retail Federation research
The NRF conducts periodic surveys on Organized Retail Crime, return fraud, and more. See the linked page for connections to their latest research.
Report: Global Theft Decreases in 2010
Conducted by: Centre for Retail Research
Sponsored by: Checkpoint Systems
Number of respondents: 1,103 large retailers in 42 countries.
2010 survey looks at physical loss of retail merchandise to crime and waste, and studies its impact on retailers and consumers.
Theft Surveys by Jack L. Hayes International
Conducted by: Jack L. Hayes International (a loss prevention consulting firm)
Number of respondents:Varied
A limited amount of data is avaible on the linked page, covering retail theft, shoplifting, and related areas.
The Cost of a
Lost Laptop
Conducted by: Ponemon Institute LLC
Sponsored by: Intel Corporation
Number of respondents: N/A
The 2009 study examined 138 cases involving laptop computers lost by an employee, a temporary worker or contractor. Based on replacement cost, lost intellectual property and other factors, the average value is an estimated $49,246. In cases examined by the study, 80 percent of that cost was attributed to lost intellectual property.
Social Insecurity: What
Millions of Online Users Don't Know Can Hurt Them
Conducted by: Consumer Reports National Research Center
Sponsored by: Unsponsored
Number of respondents: 2,000 online U.S. households.
Twice as many U.S. households now use social networks than did last year, and, in many cases, are exposing themselves to new risks. A 2010 study found 40
percent posted their full birth date, exposing themselves to identity theft, while 26 percent posted their children's photos and names, potentially
exposing them to predators. Also, one quarter didn't use Facebook's privacy controls at a time when 9 percent of social network users experienced malware
infections, scams, identity theft or harassment.
Security of Paper Documents in
the Workplace
Conducted by: Ponemon Institute
Sponsored by: Alliance for Secure Business Information
Number of respondents: 819 individuals who work in IT operations, IT security, data protection and compliance in large organizations in a variety of
industries.
This 2008 study appears to stand the test of time and has not been replaced by more current research. Eighty percent of respondents said they had one or more data breaches in the past 12 months; of those, 49 percent said one or more of the breaches involved the loss or theft of paper documents. Seventy-one percent of respondents acknowledge an incident in which sensitive or confidential paper documents were lost or misplaced in their organizations.
Airport Insecurity: The Case of Lost Laptops
Conducted by: Ponemon Institute
Sponsored by: Dell
Number of respondents: 864 business air travelers in the U.S.
2008 survey reports that, on average, 12,255 laptops go missing at U.S. airports each week and 42 percent don't back up the data in their
laptop computers. Only one-third of those turned into airport Lost and Found departments are ever reclaimed.
Business Risk
of a Lost Laptop: A Study of U.S. IT Practitioners
Conducted by: Ponemon Institute LLC
Sponsored by: Dell Corporation
Number of respondents: 714 IT and IT security practitioners with an average of almost 7.5 years of domain-specific experience.
2009 study looks at the business risk of poor laptop security. Sixty-five percent of respondents say the number of lost or stolen laptops is up from
previous years; 75 percent say they know of an incident in their organization where sensitive or confidential data was at risk because of a lost or stolen laptop computer.
The 2010 State of
Cyberethics, Cybersafety, Cybersecurity Curriculum in the U.S. Survey
Conducted by: Zogby International
Sponsored by: National Cyber Security Alliance
Number of respondents: 1,003 teachers, 400 K-12 school adminstrators and 200 technology coordinators.
Survey targets teachers, school administrators and technology coordinators in an effort to understand whether students are receiving adequate guidance to
use digital technology and the Internet in a safe and responsible manner. Thirty-nine percent of teachers responded that over the last 12 months they'd taught students how to make decisions about sharing personal information online; 33 percent about the dangers of social networking sites; 30 percent about
watching for online predators; and 28 percent about what to do if they receive harassing messages.
The National Campus Safety and Security Project
Survey
Conducted by: The National Association of College and University Business Officers
Sponsored by: Funded in part by the Lilly Endowment.
Number of respondents: 342 institutions.
Roughly 15 percent of repondents do not currently have an emergency preparedness plan that at least meets the standards set by the National Fire Protection
Association; of those, 40 percent are near completion of one. Survey looks at many factors including use of security cameras and other technologies,
emergency communication plans and business continuity.
More Than Half of Americans Surveyed Are
Not Worried About Swine Flu
Conducted by: Harris Interactive
Sponsored by: Deloitte Center for Health Solutions
Number of respondents: 1,010 U.S. adults.
2009 survey reports that 52 percent of Americans don't believe the H1N1 virus will have a major impact in the United States; 41 percent do not plan to get vaccinated. It also examines who plans to get vaccinated, and if they know where to get vaccinated.
Energy Security&America's Best
Defense
Conducted by: Deloitte Global and U.S. Aerospace & Defense
Sponsored by: Unsponsored
Number of respondents: Not applicable.
2009 study reports that a huge increase in fuel use by the military (175 percent increase per soldier during wartime since Vietnam) puts a focus on fuel security. Energy supplies are often a primary target, and, according to its methodologies, the Deloitte study found that "without game-changing shifts, the current Afghan conflict may result in a 124 percent increase in U.S. casualties through 2014."
Security Controls
Trust, Security and Passwords Report
Conducted by: Cyber-Ark
Number of respondents: 1,400 IT staffers and C-level professionals across North America and EMEA
57 percent of executive respondents believe that cybercriminals will present more of a security risk than insider threats over the next one to three years. The survey also reports that 20 percent believed their companies had been sabotaged by insider and 16 percent think insider sources may have passed confidential information to their competitors.
Securosis 2010 Data Security
Survey
Conducted by: Securosis, L.L.C.
Sponsored by: Imperva
Number of respondents: 1,176
Roughly half of responding organizations have some form of data security controls deployed; e-mail filtering was listed as the most common control and also the least effective. While 88 percent of respondents must meet at least one regulatory requirement, "to improve security" was the most common driver for adding data security controls.
SANS Sixth Annual Log Management Survey Report
Conducted by: SANS Institute
Sponsored by: ArcSight, LogLogic, NetForensics, Novell, RSA and Trustwave
Number of respondents: 500+
Conducted in April 2010, survey reveals log management is gaining popularity and now includes logs gathered from other devices than firewalls, switches, routers and IDS/IPS. While the number of users trying to derive more value from their log data has increased, many respondents say analyzing and reporting on all the data remains a critical problem.
Security Software and Services Spending Will Outpace Other IT Spending Areas in 2010
Conducted by: Gartner, Inc.
Sponsored by: Unsponsored
Number of respondents: More than 1,000 IT professionals with budget responsibility worldwide.
Note: $95.00 fee and registration required.
A 4 percent increase in security software budgets is anticipated for 2010, including the areas of security information and event management (SIEM), e-mail security, URL filtering and user provisioning. A managed security services spending increase is also expected.
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
Database security: At rest, not at risk
IT risk assessment frameworks
How to do end-to-end encryption
Also find sample data protection policies in CSO's tools, templates and policies library
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs
- Content Analytics Explained
- Attacks from China: A survival guide
Chinese cyberattack activity is back in the news this morning, with new details emerging on new attacks. Here's a collection of stories to help infosec pros better understand the threat. - #FFSec: Infosec pros who bring value to Twitter
- B-Sides Boston is Saturday
More Salted Hash with Bill Brenner
