Risk
9/13/2012
06:59 PM

Survey And Infograph: 65% Of IT Security Professionals Don't Believe Regulation Will Increase Security

Results of nCircle 2012 Government Policy Security Trend Study released

SAN FRANCISCO, CA – September 13, 2012 – nCircle, the leader in information risk and security performance management solutions, today announced the results of the nCircle 2012 Government Policy Security Trend Study. The company surveyed over 547 respondents in the IT security industry, including senior management, IT operations, security professionals, and risk and audit managers.

Highlights from the study include:

66% of respondents don't believe current proposed regulation will improve cyber security for the private sector

65% of respondents say neither DHS nor NSA should regulate cyber security for the private sector

81% believe that the public sector is not doing an adequate job of keeping their personal data secure

83% believe that cyber security investment in the private sector is not sufficient given the risk environment

83% believe that cyber security investment in the public sector is not sufficient given the risk environment

"Over 65% of respondents - a very strong majority - believe the private sector does not need cyber security regulation," said Elizabeth Ireland, vice president of marketing for nCircle. "They know being compliant does not mean your network is secure. IT pros realize effective security regulations are very difficult to craft and must be adequately enforced to improve security across the board. There is growing acknowledgment of the importance of effective cyber security but our regulatory track record does not create a compelling case for the efficacy of regulation."

The study was conducted online between April 19 and May 31, 2012, and covered a range of security topics. To see the complete study, please visit: http://www.ncircle.com/index.php?s=resources_surveys_Government-Policy-Security-Trends-2012.

The study is illustrated in nCircle's The State of Cyber Security infographic. Interested parties have permission to embed and share the infographic on their websites or blogs with attribution.

About nCircle

nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value.
