Latest Content from CSI:

Cloud Security's About the Details

How would an Amazon Web Services attacker manage to get their instance loaded on the same physical machine as a target, given that an EC2 customer ostensibly has no control over where in the cloud their instances are located (beyond some control over the geographical region where they are loaded)? It would seem pretty difficult, but it is a perfect example of the sort of ingenuity that cloud attackers can dream up. A team of researchers at MIT and UCSD published a paper in which they used what they called “cloud cartography” to learn how new instances spawned within EC2 map to physical IP addresses within Amazon address spaces.




CSI Computer Crime and Security Survey 2009


This survey marks the 14th annual edition of the CSI Computer Crime and Security Survey, making it the longest-running project of its kind in the security industry.

Several new questions were added to the CSI survey this year, but the survey continues to describe what kinds of attacks respondents' organizations experienced and how much security incidents cost those organizations. The survey includes information about targeted attacks, incident response and the impacts of both malicious and non-malicious insiders. It contains details about respondents' security programs, including budgeting, policies implemented, tools used, satisfaction with security tools and budgets, degree of outsourcing, use of metrics and effects of compliance requirements.

Also new this year, the comprehensive edition of the survey compares CSI's findings to those of the Verizon Business RISK Team Data Breach Investigations Report, the Ponemon Institute's Cost of a Data Breach report and the Symantec Global Internet Threat Report.

  • Respondents reported big jumps in incidence of password sniffing, financial fraud, and malware infection.
  • One-third of respondents' organizations were fraudulently represented as the sender of a phishing message.
  • Average losses due to security incidents are down again this year (from $289,000 per respondent to $234,244 per respondent), though they are still above 2006 figures.
  • Twenty-five percent of respondents felt that over 60 percent of their financial losses were due to non-malicious actions by insiders.
  • Respondents were satisfied, though not overjoyed, with all security technologies.
  • Most respondents felt their investment in end-user security awareness training was inadequate, but most felt their investments in other components of their security program were adequate.
  • When asked what actions were taken following a security incident, 22 percent of respondents stated that they notified individuals whose personal information was breached and 17 percent stated that they provided new security services to users or customers.
  • When asked what security solutions ranked highest on their wishlists, many respondents named tools that would improve their visibility—better log management, security information and event management, security data visualization, security dashboards and the like.
  • Respondents generally said that regulatory compliance efforts have had a positive effect on their organization's security programs.

This year's survey results are based on the responses of 443 information security and information technology professionals in United States corporations, government agencies, financial institutions, educational institutions, medical institutions and other organizations. Their responses cover the security incidents they experienced and security measures they practiced from the period of July 2008 to June 2009.


View the CSI Survey 2009 Webcast, Originally aired December 1, 2009