Latest Content from CSI:

Is Data Loss Plummeting?

Our guess is that the primary finding of the latest Verizon business 2011 Data Breach Investigations Report –namely that even with doubling the number of examined incident cases, the total number of compromised data records dropped by an order of magnitude—will be so unpalatable to some that the report will fall off the radar in a hurry.  [more]

STAY CONNECTED WITH CSI!

We post valuable information, special discounts and offer you the opportunity to give your opinion and feedback to other security professionals and CSI.

     

  CSI's Robert Richardson's Twitter
Online Events

Stay informed with our interactive webinars and virtual events.

 CSI Online Events
CSI Computer Crime & Security Survey

The most widely cited cybercrime statistics in the world. Access your copy today.

 CSI Computer Crime & Security Survey
ICSC 2011

May 19-21, 2011 in Mumbai, India
ICSC 2011 features a comprehensive program, covering key topics, to provide the security knowledge one needs to succeed in today's environment.
Learn more here.

 ICSC 2011
CSI's Mission

If you're an information security professional or are aspiring to be one, then CSI is here to help you succeed.

 CSI Logo

CSI Computer Crime and Security Survey 2010/2011

 
Already an Elite Member? - click here to access the report.

Interested in just the Survey Report? Obtain it here.

This survey marks the 15th annual edition of the CSI Computer Crime and Security Survey, making it the longest-running project of its kind in the security industry.

 

Elite Members - Access here.

There are lots of information security reports out there, but most of them are produced by vendors, or by analyst groups hired by vendors. The CSI survey is independent and is uniquely focused on what happens in average enterprises that haven’t been at the center of a major data leak. Here’s what security program managers are seeing out there.

The survey includes information about targeted attacks, incident response and the impacts of both malicious and non-malicious insiders. It contains details about respondents' security programs, including budgeting, policies implemented, tools used, satisfaction with security tools and budgets, degree of outsourcing, use of metrics and effects of compliance requirements.

As it did beginning last year, the survey makes some comparisons of CSI's findings to those of the Verizon Business RISK Team Data Breach Investigations Report, the Ponemon Institute's Cost of a Data Breach report and the Symantec Global Internet Threat Report.

Some key findings:

  • Of the approximately half of respondents who experienced at least one security incident last year, fully 45.6 percent of them reported they’d been the subjects of at least one targeted attack.
  • When asked what actions were taken following a security incident, 18.1 percent of respondents stated that they notified individuals whose personal information was breached and 15.9 percent stated that they provided new security services to users or customers.
  • When asked what security solutions ranked highest on their wishlists, many respondents named tools that would improve their visibility—better log management, security information and event management, security data visualization, security dashboards and the like.
  • Respondents generally said that regulatory compliance efforts have had a positive effect on their organization's security programs.

This year's survey results are based on the responses of 351 information security and information technology professionals in United States corporations, government agencies, financial institutions, educational institutions, medical institutions and other organizations. Their responses cover the security incidents they experienced and security measures they practiced from the period of July 2009 to June 2010.

 View the CSI Survey 2010 Webinar, originally aired December 2, 2010.
(This will open in a new browser window...)


Want to view a previous report? Access it here.