Survey Looks At Security Management Practices, Compliance Weaknesses
SenSage recently announced the results of an industry survey on security management practices taken during the RSA Conference in March. The survey of 360 security professionals identifies several weaknesses in respondents' log management, compliance reporting, real-time monitoring, forensic investigation and incident response processes:
- Fifty-two percent involve only one or two groups in security management processes.
- Fifty-eight percent report that their security management processes have no coordination or only reactive triage across teams.
- Sixty-nine percent state that they do not consistently measure these processes for results.
All of these weaknesses contribute to an alarming report card for security management. Addressing stakeholders' perceptions of the effectiveness of these processes, only 39 percent of respondents estimate they are perceived as "effective" or "very effective" whereas 61 percent estimate they are perceived as "ineffective" or "somewhat effective."
Other notable findings of the survey include:
- Forty-two percent of respondents utilize four or more different products to address their log management, compliance reporting, real-time monitoring, forensic investigation and incident response requirements.
- A slight majority of respondents (53 percent) state that they consistently improve these processes; yet 66 percent state that these process improvement initiatives are understaffed.