February 18, 2002
Two-thirds of security officers say security awareness dangerously inadequate or inadequate in new PentaSafe Security Awareness Index Report
Survey report compares organization’s security awareness best practices and overall security awareness among employees.
Special during RSA Annual Conference, San Jose, CA -- PentaSafe Security Technologies Inc. a leading enterprise security
Special during RSA Annual Conference, San Jose, CA -- PentaSafe Security Technologies Inc. a leading enterprise security policy and management software developer, today announced the publication of its 2002 Security Awareness Index (SAI) Report based on results from a free online survey that helps organizations measure their security awareness. Analyzing responses from 583 companies and 1,350 individual employees worldwide, the 2002 SAI Report indicates that 23 percent of security officers consider their organization´s security awareness as “dangerously inadequate” while an additional 44 percent consider their security awareness inadequate. Nearly 6 out of 10 employees who have taken the survey score, on average, only a “D” or unsatisfactory grade when it comes to appropriate security awareness and behavior.
“The survey results reveal a serious failure on the part of most companies to adequately educate and train their employees in proper security awareness and workplace habits,” according to Todd Tucker, author of the survey and chief security architect for PentaSafe Security Technologies. “It suggests management has to dramatically improve its efforts to educate employees on the best ways to protect their companies against cyber terrorism and other threats, or risk very costly consequences.”
Divided into two parts, the Security Awareness Index first asks chief security officers a series of questions that help determine how companies rank in implementing policies and procedures for making employees and others aware of appropriate security behavior. The SAI provides security officers with a quick benchmark on how well their companies are using “best practices” for educating employees on proper security processes compared to other companies in their industry, and of similar size.
The second part of the SAI enables chief security officers to test their company employees´ actual security knowledge and awareness level by emailing an individual survey to up to any number of employees. Responses are then compiled to produce a Security Awareness Index score that measures security awareness among the employees of their particular organizations compared with others in the same industry as well as all respondents.
“While there has been a lot of talk about what organizations must do to guard against the threat of information security breaches, this new security awareness survey gives companies a practical first step to gauge how well their employees understand and follow existing security policies and procedures,” according to Pete Lindstrom, senior industry analyst for information security at Hurwitz Group. “It begins to establish a metric that security officers can use with business management to show a problem exists---and hopefully get the support and funding to do something about it.”
The goal of the SAI, Tucker emphasized, is to give corporate security officers a benchmark measure of their own success or failure in making workers aware of what they must do to safeguard information assets and data. They can then use their results, as well as the 2002 SAI Report, as a tool to help convince top management to commit to funding security awareness programs.
“The Security Awareness Index survey was very valuable,” according to Jim Walsh, Network Administrator for Carthage College in Wisconsin and a participant in the survey. “The survey gave us the information we needed to ensure that security at the user level and user awareness of security policies were being properly addressed. Plus,” he continued, “it showed us where we needed to improve policy formation and dissemination throughout our organization.”
Other SAI survey participant references available to media upon request.
PentaSafe Security Technologies Inc. enables companies to safely grow their businesses by providing a complete security infrastructure solution that includes people, policy and technology. PentaSafe´s solutions help educate people in an organization to comply with information security policies and integrate each policy with best of breed security technology -- all designed to ensure maximum protection of information assets throughout the enterprise. PentaSafe has more than 1,200 customers worldwide, including one-third of the Fortune 100 and 4 of the “Big 5” auditing firms. For more information, visit www.pentasafe.com.
Copyright© 2019 Micro Focus Corporation. All Rights Reserved. Micro Focus and the Micro Focus logo are trademarks or registered trademarks of Micro Focus Corporation in the USA. All other trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners.