Study highlights security disconnect

October 29, 2008 — 9:43am ET | By Judi Hasson

Tools

Tags
IT professionals
Marie Hattar
IT Security
Productivity
gap
Cisco Systems
security policies
email

A new study commissioned by Cisco found that many employees are not aware of or don't understand IT security policies, and some just ignore them in the name of productivity. The survey of 2,000 employees and IT professionals in 10 countries, found a 20 to 30 percent gap between what IT professionals and other employees said about security policies. The survey also found that security policies were often passed along to employees via e-mail.

"When most employees get another announcement from IT about some policy or what have you, the typical response is to hit delete," said Marie Hattar, vice president of Network Systems and Security Solutions at Cisco. "That kind of nonverbal mode of communication, if you are depending on that, is not a very effective way of [informing employees]."

When employees were asked why they broke security policies, the most popular responses were either that the policies don't align with the realities of their job, they need access to applications not included in the policy, or both. But when IT pros were asked why employees violated policy, the most popular answers were variations on the theme of apathy and a lack of awareness. Perhaps, notes eWeek.com, this disconnect is related to a lack of understanding on the part of IT professionals about how employees use technology to do their jobs.

For more on this security issue:
- check out this eWeek.com article

SHARE WITH: