Hosted by Trends in Enterprise IT Security Andrew Briney, CISSP Editorial Director, Information Security October 15, 2003


Agenda

Security Budgets and Spending

Technologies and Services: Hot & Not

What Do You Value Most?

The “Maturing” Profession


Information Security Polling

2003 ISM Annual Survey

• 3,500 IT security professionals

2003 ISM Product Survey

• 1,100 IT security professionals

2003 SearchSecurity Users’ Survey

• 372 IT security professionals

TheInfoPro (TIP), Q3 2003 Survey

• Interviews with 160 senior IT security pros


Global IT Security Market

• 2001: $17B

• 2006: $45B

• 25% CAGR

Source: IDC Corp.


Budget Changes: Since 9/11

Source: SearchSecurity

51% of organizations have increased spending


Will your IT security budget increase in the next 12 months?

1. Yes
2. No
3. Don’t know


Budget Changes: 2002-2003

Source: TheInfoPro

54% of organizations will increase spending

• More: 54%

• Stay the same: 35%

• Less: 11%


By how much will your IT security budget increase in the next 12 months?

1. More than 50%
2. 25% - 50%
3. 10% - 24%
4. 1% - 9%
5. No change
6. Budget will decrease
7. Don’t know


IT vs. Security Budgets

% of IT Budgets Devoted to Security

Source: Information Security Magazine


Hot and Not (1)

• 2001: 7% of organizations had BOTH IDS and VA.

• 2005: 60% will have both.

• By 2005, AV, FWs and VPNs will be deployed in 95% of organizations.

Source: Information Security Magazine


Do you plan to invest in managed security monitoring services in 2004?

1. Yes
2. No
3. Don’t Know/NA


Do you plan to invest in special-purpose security appliances in 2004?

1. Yes
2. No
3. Don’t Know/NA


Hot and Not (2)

In 2003, will you spend more, less or the same amount on these technology areas?

[Stacked bar chart, 0% to 100%. Technology areas: Authentication; Security Event Management; Access Control and Authorization; Assessment and Audit Services; Perimeter Network Security; Security Appliances; Content Filtering; Encryption. Legend: Less Money, About the Same, More Money.]

Source: TheInfoPro


What do you value most when selecting a security product?

1. Features/functionality
2. Fit with current network/data infrastructure
3. Its own built-in security
4. Price
5. Other


Feature Creep

Source: Information Security Magazine


What do you value most when selecting a security vendor?

1. Technical Support
2. Produce leading product
3. Financial stability
4. Strength of R&D
5. Breadth of product line
6. Other


Vendor Value

Source: Information Security Magazine


To what extent do regulatory and legal requirements drive your security actions?

1. Never

2. Rarely

3. Sometimes

4. Mostly

5. Always

6. Don’t Know/NA


Regulatory Impact

• To what extent do regulatory and legal requirements drive your security actions?

Source: Information Security Magazine


Proactive Defense

• At what point do you act on an emerging security threat?

Source: Information Security Magazine


Risk Analysis

• What type of risk methodology(ies) do you use?

Source: Information Security Magazine


Andy’s Crystal Ball

2004 Security Spending: “Y2K Effect”

Functionality Converges at Perimeter

“Intrusion Defense” Gets Smarter

Profession Continues to Mature
