1 / 31

CSI 2005 Computer Crime Survey

CSI 2005 Computer Crime Survey. Put together by J. Scott, 2006 Using Graphics and Text from the Published CSI/FBI 2005 Crime Survey. Eleven Key Findings for the 2005 Survey.

giacinto
Download Presentation

CSI 2005 Computer Crime Survey

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSI 2005Computer Crime Survey Put together by J. Scott, 2006 Using Graphics and Text from the Published CSI/FBI 2005 Crime Survey

  2. J. Scott 2006

  3. Eleven Key Findings for the 2005 Survey General Note: the number of responses increased dramatically in the 2005 survey, going from 494 responses in 2004 to 700 responses in 2005, even though the sample size remained the same. This was likely due in some measure to an increase in the number of reminders sent to the sample group. ❏Virus attacks continue as the source of the greatest financial losses. Unauthorized access, however, showed a dramatic cost increase and replaced denial of service as the second most significant contributor to computer crime losses during the past year. J. Scott 2006

  4. Eleven Findings for the 2005 Survey - 2 ❏ Unauthorized use of computer systems has increased slightly according to the respondents, but the total dollar amount of financial losses resulting from cyber crime is decreasing. Since the total number of respondents has dramatically increased, this implies a dramatic decrease in average total losses per respondent. Two specific areas (unauthorized access to information and theft of proprietary information) did show significant increases in average loss per respondent. ❏ Web site incidents have increased dramatically. ❏ State governments currently have both the largest information security operating expense and investment per employee of all industry/government segments. J. Scott 2006

  5. Eleven Findings for the 2005 Survey - 3 ❏Despite talk of increasing outsourcing, the survey results related to outsourcing are nearly identical to those reported last year and indicate very little outsourcing of information security activities. Among those organizations that do outsource some computer security activities, the percentage of activities outsourced is quite low. ❏ Use of cyber insurance remains low (i.e., cyber security insurance is not catching on despite the numerous articles that now discuss the emerging role of cyber security insurance). ❏ The percentage of organizations reporting computer intrusions to law enforcement has continued its multi-year decline. The key reason cited for not reporting intrusions to law enforcement is the concern for negative publicity. J. Scott 2006

  6. Eleven Findings for the 2005 Survey - 4 ❏ A significant number of organizations conduct some form of economic evaluation of their security expenditures, with 38 percent using Return on Investment (ROI), 19 percent using Internal Rate of Return (IRR) and 18 percent using Net Present Value (NPV). ❏ Over 87 percent of the organizations conduct security audits, up from 82 percent in last year’s survey. ❏ The Sarbanes-Oxley Act has begun to have an impact on information security in more industry sectors than last year. ❏ The vast majority of respondents view security awareness training as important. However, (on average) respondents from all sectors do not believe their organization invests enough in it. J. Scott 2006

  7. Survey Respondents by Industry J. Scott 2006

  8. Respondents by Number of Employees J. Scott 2006

  9. Survey Respondents by Revenue J. Scott 2006

  10. Survey Respondents by Job Description J. Scott 2006

  11. Percentage of IT Budget on Security J. Scott 2006

  12. Computer Security Expenses / Employee J. Scott 2006

  13. Computer Security Expenditure / Employee J. Scott 2006

  14. Average Security Investment / Employee J. Scott 2006

  15. Organizations using Metrics J. Scott 2006

  16. Percentage Of Security Function Outsourced J. Scott 2006

  17. Average Percent of Security Outsourced J. Scott 2006

  18. External Insurance Against Risks J. Scott 2006

  19. Unauthorized Use in Last 12 Months J. Scott 2006

  20. Survey J. Scott 2006

  21. J. Scott 2006

  22. Web Site Percentage Security Incidents J. Scott 2006

  23. J. Scott 2006

  24. Security Technologies Used J. Scott 2006

  25. Organizations Conduction Security Audits J. Scott 2006

  26. Invest Appropriately on Security Awareness J. Scott 2006

  27. Importance of Security Awareness Training J. Scott 2006

  28. After Intrusion, What Actions Taken J. Scott 2006

  29. Why Not Report to Law Enforcement? J. Scott 2006

  30. Percent of Organizations Sharing Information J. Scott 2006

  31. Survey J. Scott 2006

More Related