What are the main issues facing CEOs and companies at Board Level on
IT and Internet security? Sources to stats, surveys and research
please

Hi! Thanks for the question.

Our first link provides very recent and detailed survey of CEOs and
Board Room Level people about IT Concerns. The report is by Ernst &
Young and is frequently cited by different publications.

Here are the specific issues that concern CEOs and can be found on page 15.

- Enforcing Information Security Policy
- Raising Employee Awareness / Training
- Improving Data Privacy

The major issues for Board Room Level are the following and can be
seen at page 16 of the document.

Major Virus, Trojan Horse or Worm ? 77%
Employee Misconduct involving Information Systems- 60%
Spam ? 56%
Loss of Customer Data / Privacy- 56%
Distributed Denial of Service Attack- 48%
Financial Fraud using involving information systems- 45%
Misconduct involving third parties with access to information systems- 45%
Physical Security- 40%
Poor Software Quality ? 39%
Theft of Proprietary Information- 39%

?Global Information Security Survey 2004? (Ernst & Young)
http://www.ey.com/global/download.nsf/International/2004_Global_Information_Security_Survey/$file/2004_Global_Information_Security_Survey_2004.pdf


The following is a link to another survey done on top level corporate
digital information security concerns.

?Over the past 12 months, security efforts were focused on building
employee awareness, creating policies, shoring up network security,
and putting business continuity/disaster recovery plans in place.
While it?s clear that investments in tools and processes are beginning
to pay off, security professionals need to focus on aligning security
with business objectives and managing risk to ultimately change the
perception of security from an IT issue to a business issue.?

?The State of Information Security, 2004? By Lorraine Cosgrove Ware
http://www2.cio.com/research/surveyreport.cfm?id=75 


Search terms used:                          
CEO survey concerns information internet security 2004

I hope these links would help you in your research. Before rating this
answer, please ask for a clarification if you have a question or if
you would need further information.
                         
Thanks for visiting us.                         
                         
Regards,                         
Easterangel-ga                         
Google Answers Researcher

---

Request for Answer Clarification by dtnl42-ga on 20 Oct 2004 02:36 PDT

Hi - Great stuff thank you do you have a third source please?

---

Clarification of Answer by easterangel-ga on 20 Oct 2004 02:55 PDT

Hi again!

I have found this 2003 resource wherein the levels of respondents are
in the following positions: CEO, CIO, CTO, Unit Managers, CSO& CISO.

Here are the issues that are of primary concern to these people.


1. "Respondents are worried about the increased sophistication of
threats against their computer systems."

2. "Respondents are recognizing the need for employee awareness and education."

3. "Reporting relationships play a key role in the perception of the
importance of the information security function."

4. "IT security budgets appear to be a single digit percentage of the
overall IT budget."

5. "There is an absence of Key Performance Indicators (KPI) for
Information Security functions."

6. "Conventional wisdom for staffing is obsolete and a new model needs
to take its place."

7. "Fragmented security products contribute to the lack of unified
security programs."

8. "There is a lack of clarity on the impact of multiple governance
initiatives on information security."
 
"2003 Global Security Survey" (Deloitte Touche Tohmatsu)
http://www.deloitte.com/dtt/cda/doc/content/2003%20Global%20Security%20Survey.pdf

I hope this would be of help.

Thanks again!

Easterangel-ga