Security audits infrequent

You might assume that companies are conducting regular security audits to ensure the safety and integrity of their sensitive data and their proprietary information. But that assumption is wrong. A new survey conducted by VanDyke Software and independent researcher Amplitude Research found that companies turn to outside security firms to audit their systems, but only about one in three have their network audited every year.

The survey asked 350 IT executives and network administrators to describe why and how often they audit their data systems internally and with assistance of external security contractors. One-third of the IT professionals said they felt their internal audits "don't go far enough" to protect sensitive data, while 24 percent responded that they had never undergone a formal security audit by an outside organization.

About 72 percent acknowledged that an external security audit was "worthwhile," but only 35 percent conducted outside audits on an annual basis and 14 percent of companies said they go three years or more between audits.

Another recent survey by Imperva and the Ponemon Institute found that 55 percent of U.S. and multinational companies are securing customer credit card data. But the same survey said these companies are not protecting information such as Social Security numbers, phone numbers and bank accounts.

For more on auditing your security systems:
- see this InternetNews.com article

Related Articles:
Your website isn't safe
Cutting costs trumps IT security
Seven reasons websites aren't safe