TDR

nCircle: Few punish security policy violators

September 24, 2007
Despite growing concern about data breaches, 51 percent of IT professionals surveyed by network security vendor nCircle said their organizations do not have clear consequences for policy violations.

The results highlight the challenges in creating and implementing a comprehensive security policy, according to Andrew Storms, nCircle director of security operations. The San Francisco-based vendor surveyed 113 IT security professionals between May 7 to Aug. 16.

"It's interesting that these results are nearly evenly split," said Storms, noting that a minority (49 percent) indicated that their organizations have clearly stated consequences for policy violations. "This reflects the challenge of maintaining a corporate policy that matches a continuously changing threat environment. It also reflects the challenge of applying that policy when every infraction involves a different level of risk and a wide variety of human factors."

Stoms, in a news release, said the results give some reason for hope.

"The fact that nearly half believe their policies do indeed have 'teeth' and are enforceable seems to demonstrate that organizational commitment to maintaining stringent security policy and meting out appropriate consequences is increasing."

prestitial ad