21 November 2008
Security Process Professional: Resources for IT Audit & Security Improvement
 
Government Security Mandates: Who Wants Them?
A recent article by Ira Winkler at SearchSecurity.com, entitled "Noses and Security" (registration required), questioned the results of a recent survey by WatchGuard Technologies performed at RSA in February (2005). The survey indicated that most respondents wanted to see MORE government mandates on security, even though they felt current regulations were altogether ineffective. The author pointed this up as a conflict in the results that probably indicated faulty survey design. While any survey from a vendor should be regarded with prudent suspicion, prevailing circumstances indicate that the conflicting statements could well be true and accurate...

Surveys can be spun in a lot of different ways, and vendor surveys are the worst offenders. When not vetted by someone qualified in psychology and in statistical surveying and analysis, surveys can be faulty and misleading, yet yield the kind of results that allow vendors to up the security fear factor that sells more solutions and services.

That said, I would not dismiss the results of such a survey completely offhand. There are circumstances under which a legitimate survey could easily yield the conflicting results pointed up in the article. This is probably one of them:

One can legitimately say that regulations have been ineffective, and yet that we need more government regulations under the following circumstances:

1. If current regulations only provide vague, general guidance, rather than specific benchmarks (which they do).

2. If the personnel surveyed are mostly security practitioners who are struggling to elevate the visibility and priority of security practices within the organization (which they mostly are).

Security practitioners who have been in the game a while understand that the only way they will be able to accomplish meaningful change is if their organizations are forced to do so by government mandate. Otherwise, they lack the power and authority to prevail over other forces in their organizations. Therefore, respondents are probably saying they want government to step in and provide mandates with teeth, ones that hold their organizations accountable for some minimum level of security, and to stop producing the vague legislative directives we've seen so far.

(c) 2005  Bar Biszick-Lockwood/QualityIT


Last Updated ( Sunday, 10 April 2005 )
 