The US-focused survey, conducted by security company nCircle, reveals half of IT security professionals believe their organisation’s security policies fail to define clear penalties for security violations.
On the other hand, half of respondents said that their company policy does include guidelines for security breaches, pointing to confusion amongst US businesses when implementing a coherent policy.
“It is interesting that these results are nearly evenly split,” said Andrew Storms, director of IT security for nCircle, in a statement. “This reflects the challenge of maintaining a corporate policy that matches a continuously changing threat environment.”
“It also highlights the test of applying that policy when every infraction involves a different level of risk and a wide variety of human factors,” he added.
The study questioned 113 IT security professionals between May and August 2007.
Poll split shows challenge of maintaining company security policy
By Fiona Raisbeck on Sep 28, 2007 10:06AM