IT Security Management Survey
Executive Summary
January/February 2009
Introduction
Today’s constituents are increasingly providing personal data through e-government channels, forcing CIOs
to contend with a now virtual world that requires managing the digital identities of users and their access
rights to unprecedented volumes of critical IT resources and information.
The bottom line is that effective security management is understanding the who, when and where when it
comes to administering an agency’s identity infrastructure across multiple parties and intra-agency systems
and applications.
The National Association of State Chief Information Officers (NASCIO) ranked Identity and Access Management
(IAM) as one of its top 10 issues for 2009. This increased focus prompted Public CIO to survey its readers on their
ability to manage and identify authorization rights, as well as the perceived benefits, including potential
cost-efficiency gains from the automation of user IT administration processes.
Identity and Access Management focuses on ensuring users are who they say they are and have permission to access
the data they are seeking. Examples: single sign-on technologies, user provisioning, authentication technologies,
directory services.
Methodology & Audience
This online survey was completed by a random sampling of Public CIO magazine’s circulation representing
CIOs and their C-level counterparts and management across all levels of government: federal, state and local
and education.
This survey was conducted over a period of approximately six weeks with the targeted population invited to
participate via an online questionnaire. All aspects of the survey including deployment and report preparation
have been completed by Public CIO magazine.
156 Responses Tabulated
Respondent/Agency Profile
Which best describes your role with regards to having the authority to select
vendors and fund new initiatives?
13.5%  Member of committee
17.9%  Influencer
25.6%  Recommender
21.8%  Final decision-maker
21.2%  Involvement
Approximately how many individuals (employees, partners, or citizens) access your
agency/department’s systems and applications?
10.3%
10K- 5K
17.9%
5K-10K
46.8%
46% of those surveyed have implemented an Identity Access Management strategy. An additional 39% intend
to develop this security strategy in the future.

Securing IT employees (62%) and securing intra-agency transactions (61%) are the top ranked situations
where IAM software is currently in use. In the future, 39% of respondents plan to use IAM software for
securing outward/citizen facing transactions.
Which of these statements accurately represents your agency/department’s
Identity and Access Management (IAM) strategic position?
14.6%  We do not have an IAM strategy.
18.5%  We do not have an IAM strategy, but we intend to develop one in the future.
46.4%  We already have an IAM strategy and are working to enhance it.
20.5%  We are currently developing an IAM strategy.
For which of the following situations is Identity Management and Access
Management (IAM) software currently in use, or planned?
Situation                                                                        Currently in Use   Planned   Don’t Know
Securing Intra-Agency Transaction                                                60.7%              19.7%     19.7%
Securing Agency-to-Agency Transactions                                           44.3%              28.7%     27%
Securing IT Employees (those with high levels of physical and logical access)    61.5%              21.3%     17.2%
Securing Outward/Citizen Facing Transactions                                     34.4%              38.5%     27%
How do you rate your agency/department’s ability to manage and identify users
(employees, customers, third-party partners) and control their access to system
resources? Please use the following rating scale (1=very low, 5=very high)
1  3.3%
2  8.3%
3  30.8%
4  31.7%
5  25.8%
Which do you feel are the highest priority benefits of an Identity and Access
Management initiative? Please select all that apply.
40.3%  Manage the identity lifecycle across the IT environment: from Web to the mainframe.
67.2%  Centralize and automate monitoring of all users’ roles and access entitlements throughout their entire tenure.
42%    Improve regulations compliance.
49.6%  Expand citizen-centric services security on the Web.
63.9%  Monitor and audit security events and risk on all systems.
Over half, or 58% of those surveyed, have a high level of confidence in their agency/department’s ability
to manage and identify internal/external users and administer access rights.

Centralization and automation of roles and access entitlements throughout the user lifecycle ranks as
the highest priority benefit among respondents at 67%. Monitoring and auditing security events and risks
follows close behind at 64%.
The majority of respondent agencies, 43%, allocate less than 5% of their IT budget to IAM type
technology.

48% of those surveyed have a positive level of confidence that their agency/department’s security
policies are followed appropriately.
Approximately what percentage of your agency/department’s IT budget
is allocated to Identity and Access Management type technology?
2.6%   %-50%
1.7%   >50%
20.5%  5%- 5%
32.5%  Not sure
42.7%
On a scale of 1 to 5, do you feel your agency/department’s information
security policies are followed appropriately?
(1=not followed at all, 5=exceedingly well followed)
1  2.2%
2  14.4%
3  35.3%
4  36.7%
5  11.5%
Which of these security situations are you dealing with now?
Please check all that apply.
7.2%   None of these.
33.3%  Providing access to citizen-centric applications such as online licensing.
37.7%  Expanding user communities’ increasing access rights and role complexity.
75.4%  Managing the identities and access rights of people inside your organization.
44.2%  Integrating security with emerging technology like SOA, Web Services, Federation and Mobile Devices.
49.3%  Managing the identities and access rights of people outside your organization.
44.2%  Proving continuous compliance with various regulations quickly and efficiently.
A significant 75% of those surveyed consider managing the identities and access rights of people
inside their organization the principal security challenge they face today. Providing access to
citizen-centric applications is of least concern at 33%.
Public CIO is published by Government Technology, a division of e.Republic, Inc.
100 Blue Ravine Road | Folsom, CA 95 0 | Phone: 800.9 0. 0 9 | Fax: 91 .9 .1 0 | www.public-cio.com