A new study commissioned by Cisco found that many employees are not aware of or don't understand IT security policies, and some just ignore them in the name of productivity. The survey of 2,000 employees and IT professionals in 10 countries found a 20 to 30 percent gap between what IT professionals and other employees said about security policies. The survey also found that security policies were often passed along to employees via e-mail.
"When most employees get another announcement from IT about some policy or what have you, the typical response is to hit delete," said Marie Hattar, vice president of Network Systems and Security Solutions at Cisco. "That kind of nonverbal mode of communication, if you are depending on that, is not a very effective way of [informing employees]."
When employees were asked why they broke security policies, the most popular responses were that the policies don't align with the realities of their job, that they need access to applications not included in the policy, or both. But when IT pros were asked why employees violated policy, the most popular answers were variations on the theme of apathy and a lack of awareness. Perhaps, notes eWeek.com, this disconnect is related to a lack of understanding on the part of IT professionals about how employees use technology to do their jobs.
For more on this security issue:
- check out this eWeek.com article [1]
Related Articles:
Staffer fired for discussing security lapses [2]
Protect your IM security [3]
Survey: Top IT priorities are alignment, staffing [4]
Links:
[1] http://www.eweek.com/c/a/Security/Cisco-Study-Highlights-Common-Failures-of-Enterprise-Security-Policies/
[2] http://www.fiercecio.com/story/staffer-fired-for-discussing-security-lapses/2008-05-27
[3] http://www.fiercecio.com/story/protect-your-im-security/2008-08-27?utm_medium=rss&utm_source=cio_IT%20Security&cmp-id=OTC-RSS-FC0
[4] http://www.fiercecio.com/story/survey-top-it-priorities-alignment-and-staffing/2008-08-26