February 18, 2002

Two-thirds of security officers say security awareness dangerously inadequate or inadequate in new PentaSafe Security Awareness Index Report

Survey report compares organization’s security awareness best practices and overall security awareness among employees.

Press Release

Special during RSA Annual Conference, San Jose, CA -- PentaSafe Security Technologies Inc. a leading enterprise security

Special during RSA Annual Conference, San Jose, CA -- PentaSafe Security Technologies Inc. a leading enterprise security policy and management software developer, today announced the publication of its 2002 Security Awareness Index (SAI) Report based on results from a free online survey that helps organizations measure their security awareness. Analyzing responses from 583 companies and 1,350 individual employees worldwide, the 2002 SAI Report indicates that 23 percent of security officers consider their organization´s security awareness as “dangerously inadequate” while an additional 44 percent consider their security awareness inadequate. Nearly 6 out of 10 employees who have taken the survey score, on average, only a “D” or unsatisfactory grade when it comes to appropriate security awareness and behavior.

“The survey results reveal a serious failure on the part of most companies to adequately educate and train their employees in proper security awareness and workplace habits,” according to Todd Tucker, author of the survey and chief security architect for PentaSafe Security Technologies. “It suggests management has to dramatically improve its efforts to educate employees on the best ways to protect their companies against cyber terrorism and other threats, or risk very costly consequences.”

Called the Security Awareness Index (SAI), the survey was developed by PentaSafe Security Technologies, Inc., a Houston-based provider of information security infrastructure software, and is co-sponsored by Computerworld magazine in North America, and Computing magazine in Europe. The survey is available free of charge online at www.humanfirewall.org as part of a security awareness education campaign that assures results are kept strictly confidential according to the site´s privacy policy. The aggregate results from all respondents to the survey have been compiled and analyzed in the new 70-page 2002 Security Awareness Index Report, currently available for purchase online at www.pentasafe.com for $195.00.

Divided into two parts, the Security Awareness Index first asks chief security officers a series of questions that help determine how companies rank in implementing policies and procedures for making employees and others aware of appropriate security behavior. The SAI provides security officers with a quick benchmark on how well their companies are using “best practices” for educating employees on proper security processes compared to other companies in their industry, and of similar size.

The second part of the SAI enables chief security officers to test their company employees´ actual security knowledge and awareness level by emailing an individual survey to up to any number of employees. Responses are then compiled to produce a Security Awareness Index score that measures security awareness among the employees of their particular organizations compared with others in the same industry as well as all respondents.

“While there has been a lot of talk about what organizations must do to guard against the threat of information security breaches, this new security awareness survey gives companies a practical first step to gauge how well their employees understand and follow existing security policies and procedures,” according to Pete Lindstrom, senior industry analyst for information security at Hurwitz Group. “It begins to establish a metric that security officers can use with business management to show a problem exists---and hopefully get the support and funding to do something about it.”

The goal of the SAI, Tucker emphasized, is to give corporate security officers a benchmark measure of their own success or failure in making workers aware of what they must do to safeguard information assets and data. They can then use their results, as well as the 2002 SAI Report, as a tool to help convince top management to commit to funding security awareness programs.

“The Security Awareness Index survey was very valuable,” according to Jim Walsh, Network Administrator for Carthage College in Wisconsin and a participant in the survey. “The survey gave us the information we needed to ensure that security at the user level and user awareness of security policies were being properly addressed. Plus,” he continued, “it showed us where we needed to improve policy formation and dissemination throughout our organization.”

Other SAI survey participant references available to media upon request.

PentaSafe Security Technologies Inc. enables companies to safely grow their businesses by providing a complete security infrastructure solution that includes people, policy and technology. PentaSafe´s solutions help educate people in an organization to comply with information security policies and integrate each policy with best of breed security technology -- all designed to ensure maximum protection of information assets throughout the enterprise. PentaSafe has more than 1,200 customers worldwide, including one-third of the Fortune 100 and 4 of the “Big 5” auditing firms. For more information, visit www.pentasafe.com.

Let's Talk

Welcome, Want to talk to someone? Call our Sales team or request a call and we'll get right back to you.

  • Sales: (888) 323-6768

For support information, please visit Technical Support.

Amy Sachrison
Media and Analyst Relations

Phone: (713) 418-5368
Email: amy.sachrison@netiq.com