hosted by trends in enterprise it security andrew briney, cissp editorial director, information...

Hosted by

Trends in Enterprise IT Security

Andrew Briney, CISSPEditorial Director, Information Security

October 15, 2003

Hosted by

Agenda

Security Budgets and Spending

Technologies and Services: Hot & Not

What Do You Value Most?

The “Maturing” Profession

Hosted by

Information Security Polling

2003 ISM Annual Survey

• 3,500 IT security professionals

2003 ISM Product Survey

• 1,100 IT security professionals

2003 SearchSecurity Users’ Survey

• 372 IT security professionals

TheInfoPro (TIP), Q3 2003 Survey

• Interviews with 160 senior IT security pros

Hosted by

Global IT Security Market

$17B

$45B

25% CAGR

2001

2006 Source: IDC Corp.

Hosted by

Budget Changes: Since 9/11

Source: SearchSecurity

51% of organizations have increased spending

Hosted by

50%

25% 25%

1 2 3

Hosted by

Will your IT security budget increase in the next 12 months?

1.Yes2.No3.Don’t know

Hosted by

Budget Changes: 2002-2003

Source: TheInfoPro

54% of organizations will increase spending

Stay the same35%

Less11%

More54%

Hosted by

25% 25% 25%

0%

25%

0% 0%

1 2 3 4 5 6 7

Hosted by

By how much will your IT security budget increase in the next 12 months?

1. More than 50%2. 25% -50%3. 10% - 24%4. 1% - 9%5. No change6. Budget will decrease7. Don’t know

Hosted by

IT vs. Security Budgets

% of IT Budgets Devoted to Security

Source: Information Security Magazine

Hosted by

• 2005: 60% will have both.

• 2001: 7% of organizations had BOTH IDS and VA.

Hot and Not (1)

Source: Information Security Magazine

• By 2005, AV, FWs and VPNs will be deployed in 95% of organizations.

Hosted by

125%

225%

350%

Hosted by

Do you plan to invest in managed security monitoring services in 2004?

1. Yes2. No3. Don’t Know/NA

Hosted by

150%

225%

333%

Hosted by

Do you plan to invest in special-purpose security appliances in 2004?

1.Yes2.No3.Don’t Know/NA

Hosted by

Hot and Not (2)

29%

27%

27%

16%

29%

38%

31%

21%

56%

43%

50%

46%

38%

18%

48%

58%

15%

30%

23%

38%

33%

44%

21%

21%

0% 20% 40% 60% 80% 100%

Authentication

Security EventManagement

Access Control andAuthorization

Assessment andAudit Services

Perimeter NetworkSecurity

Security Appliances

Content Filtering

Encryption

Less Money About the Same More Money

In 2003, will you spend more, less or the same amount on these technology areas?

Source: TheInfoPro

Hosted by

25% 25% 25% 25%

0%

1 2 3 4 5

Hosted by

What do you value most when selecting a security product?

1. Features/functionality2. Fit with current network/data infrastructure3. It’s own built-in security4. Price5. Other

Hosted by

Feature Creep

Source: Information Security Magazine

Hosted by

0%

25% 25% 25% 25%

0%

1 2 3 4 5 6

Hosted by

What do you value most when selecting a security vendor?

1.Technical Support2.Produce leading product3.Financial stability4.Strength of R&D5.Breadth of product line6.Other

Hosted by

Vendor Value

Source: Information Security Magazine

Hosted by

25% 25% 25% 25%

0% 0%

1 2 3 4 5 6

Hosted by

To what extent do regulatory and legal requirements drive your security actions?

1. Never

2. Rarely

3. Sometimes

4. Mostly

5. Always

6. Don’t Know/NA

Hosted by

Regulatory Impact

• To what extent do regulatory and legal requirements drive your security actions?

Source: Information Security Magazine

Hosted by

Proactive Defense

• At what point do you act on an emerging security threat?

Source: Information Security Magazine

Hosted by

Risk Analysis

• What type of risk methodology(ies) do you use?

Source: Information Security Magazine

Hosted by

Andy’s Crystal Ball

2004 Security Spending: “Y2K Effect”

Functionality Converges at Perimeter

“Intrusion Defense” Gets Smarter

Profession Continues to Mature

Hosted by

Trends in Enterprise IT Security

Andrew Briney, CISSPEditorial Director, Information Security

October 15, 2003