Privacy & data protection survey
February 11, 2008 Leave a comment
Deloitte and Ponemon Institute published a survey on privacy and security in the enterprise enviornment.
I saw a talk given by Deloitte today on the survey and here are some of the highlights I found interesting:
- Over 85% of respondents reported at least one breach where user notification was required and 63% reported multiple breaches.
- The most implemented (59.9%) technology solution to privacy and security issues was segregation of duties tools. (Note: this sounds like companies are making use of the RBAC model)
- Data classification was also high (57.7%) on the list of technology solutions. (Note: This may also be part of RBAC, classifying data into roles as well as people)
- Encryption is being implemented (55%) but the encryption isn’t being applied to everything and a significant number of companies fail to adequately protect data both in storage and while in transit.
- Both privacy and security professionals spend most of their time on incident response which includes notifying affected users.
- Female and Male security professionals make approximately the same salary.