09 September 2002
Survey Shows Progress in Upgrading Information System Security
(Thirty percent of organizations may be unprepared to withstand
Increasing numbers of corporations are improving their security
measures to withstand a terrorist attack on their information
technology (IT) systems, according to a survey released September 9.
Nevertheless, though the awareness of the potential for such attacks
is high, 30 percent of the IT specialists responding said their firms
are not properly prepared for cyberspace sabotage.
The survey was conducted jointly by the Internet Security Alliance,
the National Association of Manufacturers and RedSiren Technologies, a
private information security company. The Internet Security Alliance
is a coalition of government, academic and private specialists
concerned with protection of the nationís IT infrastructure.
The survey of more than 225 information security specialists found
that almost half their companies have increased spending to guard
against an attack while 60 percent have adopted new or improved
guidelines on how to respond to an attack.
The survey is available in full at http://www.redsiren.com/survey.html
Further information about IT security efforts is available at
The Internet Security Alliance publishes a guide on security
strategies that may be requested at
Following is the text of the news release.
Internet Security Alliance
National Association of Manufacturers
GLOBAL COMPUTER SECURITY SURVEY FINDS ONE-THIRD OF COMPANIES MAY NOT
BE ABLE TO FEND OFF CYBERATTACKS
WASHINGTON, Sept. 9, 2002 - A new survey of information security
specialists at organizations around the world finds that - despite a
high level of awareness of the risk of computer attacks even before
the events of last September 11th - almost one-third of the companies
surveyed say they may still not be adequately equipped to deal with an
attack on their computer networks by cyberterrorists.
Conducted jointly by the Internet Security Alliance (ISAlliance), the
National Association of Manufacturers (NAM) and RedSiren Technologies
Inc., the survey asked respondents to compare their companies'
attitudes regarding information security issues, both today and prior
to last year's terrorist attacks on the World Trade Center and the
Pentagon. The survey found that:
--30 percent of respondents said their firms do not have adequate
plans for dealing with information security and cyberterrorism issues,
down from 39 percent last year;
--33 percent said information security is not a visible priority at
the executive or board level of their organizations;
--39 percent said information security plans are not regularly
communicated to or reviewed by top corporate executives; yet
--88 percent said their companies now recognize information security
as an issue essential to the survivability of their business, up from
82 percent prior to the attacks.
The survey was conducted from Aug. 12-23, targeting corporate
information security specialists around the world. More than 225
responses were recorded from throughout North America, Europe, the
Middle East and Pacific Rim regions.
"Based on these results, our challenge is to educate companies about
the need for taking added preventative steps now, as well as the
hard-nosed reality that this situation will not change. Enterprises of
all sizes have to remain active and vigilant on an ongoing basis if
they are going to protect against cyberattacks on their systems," said
Doug Goodall, RedSiren's president and chief executive officer.
"Information security needs to be a top priority for any successful
business, from the executive level to the IT manager," said Dave
McCurdy, ISAlliance's executive director. "Businesses rely more on the
Internet and e-commerce than ever before and confronting new and
emerging cyber-threats without sound IT security practices is not
sound corporate management." The ISAlliance is the publisher of
"Common Sense Guide for Senior Managers: Top Ten Recommended
Information Security Practices."
Forty-eight percent of respondents said that the September 2001
attacks had made them "more concerned" about cyberterrorism and its
impact on their organizations; 49 percent reported no change in
attitude at all. "This seems to indicate a bit of a disconnect between
the perception of the general threat of cyberterrorism and specific
concern about one's own organization," said Tom Orlowski, vice
president, Information Systems, at NAM. "It may reflect a mentality
that 'it'll never happen to me.' In today's world, that may be a
Almost half of the respondents (47 percent) said their companies have
increased spending on information security since last year, and 38
percent said that trend would continue in 2003. New or improved
information security measures implemented in the past year ranged from
cyber insurance policies (31 percent report obtaining them for the
first time), to incident response plans (60 percent implemented new or
A copy of the full survey results is available at
(Distributed by the Office of International Information Programs, U.S.
Department of State. Web site: http://usinfo.state.gov)
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site