nCircle: Few punish security policy violators
The results highlight the challenges in creating and implementing a comprehensive security policy, according to Andrew Storms, nCircle director of security operations. The San Francisco-based vendor surveyed 113 IT security professionals between May 7 to Aug. 16.
"It's interesting that these results are nearly evenly split," said Storms, noting that a minority (49 percent) indicated that their organizations have clearly stated consequences for policy violations. "This reflects the challenge of maintaining a corporate policy that matches a continuously changing threat environment. It also reflects the challenge of applying that policy when every infraction involves a different level of risk and a wide variety of human factors."
Stoms, in a news release, said the results give some reason for hope.
"The fact that nearly half believe their policies do indeed have 'teeth' and are enforceable seems to demonstrate that organizational commitment to maintaining stringent security policy and meting out appropriate consequences is increasing."