Take an Early Peek at Our Gov't Infosec Survey
Lack of This, Lack of That Cause VulnerabilitiesWe're in the midst of fielding our inaugural State of Government Information Security survey for 2011, and though it's too early to share the results, some of the responses already provide insight into how government information security pros see their organizations defend IT
One of the survey questions asks: What poses the greatest threat to the security of your agency's IT systems? We provide eight choices: Configuration errors, exploitable software vulnerabilities, inadequate identity management/authentication, insider threats, malware phishing/spear phishing, poor practices, website vulnerabilities and other, in which respondents furnish their own answers.
The other responses provide additional perspectives into the mindset of some government IT security professionals. The term "lack" appears in about a quarter of the other responses: lack of internal network security, lack of policies, lack of regulation and lack of situational awareness, to name a few. Several respondents don't employ the term "lack," but imply it, lamenting declining budgets and inadequate funding.
Top management also comes under attack, with one respondent complaining about "management's attitude about ignoring security in favor of new toys and unwillingness to spend money on a real meaty security awareness program." Another grumbles: "Top management buying what they want because 'everyone else has it.'" Others gripe about failure to enforce policies, apathy and corruption.
What do you think poses the greatest threat to the security of your agency's IT systems? Let us know. We're keeping the survey open for another week, so if you're involved in any aspect of local, state or federal government IT security, and haven't taken the State of Government Information Security survey, please do so now.