Third Annual Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey Commissioned by ISACA (www.isaca.org) November 2010.

Presentation transcript:

Third Annual Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey. Commissioned by ISACA (www.isaca.org), November 2010. © 2010 ISACA. All Rights Reserved.

Two Surveys in One
Two separate but related surveys make up the Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey.
– One survey was conducted with US consumers/employees.
– A second survey was conducted with business and IT professionals who are members of ISACA, a nonprofit global membership association, in all geographic regions.
Full details are available at

Two Surveys in One
Part One—Consumers/Employees: Determine online behaviors of US residents who use a work-supplied computer, laptop, netbook, notebook, tablet and/or smart phone to shop online, especially during the 2010 holiday season.
Learn about:
– Extent of online shopping
– Motivation for online shopping
– Approach to security
– Knowledge of and adherence to corporate IT policies

Two Surveys in One
Part Two—Business/IT Professionals Who Are Members of ISACA: Determine attitudes and experiences of global IT and business professionals regarding their policies and expectations of employees doing online shopping on work devices.
– Survey results from 3,307 business and IT professionals who are members of ISACA in five geographic regions around the world.
– Results are available in the global aggregate or broken down by region at

Key Takeaways
Consumer/Employee Survey: Employees will shop less, but take bigger risks online during the 2010 holiday season.
– Approximately half as many as last year (23 percent vs. 52 percent) plan to use a work-supplied device to shop online.
– They plan to spend an average of six hours shopping online (vs. 14 hours in 2009) using a work-supplied device.
– BUT, more people are doing activities that could put their employer at risk, e.g., clicking on links in e-mails (52 percent in 2010; 40 percent in 2009), providing work e-mail addresses to online shopping outlets (28 percent in 2010; 21 percent in 2009) and clicking on a link at social networking sites (19 percent in 2010; 15 percent in 2009).

Key Takeaways
Consumer/Employee Survey (continued):
– Cost to the employer is estimated at US $1,000 or more per employee, with many IT professionals putting the number as high as US $15,000.
– Increase in the number of people who assume that the IT department is ensuring that their work-supplied computer or smart phone has the most recent security patches (41 percent in 2010; 30 percent in 2009).
– Increase in the number of people not concerned that online shopping at work may affect their organization’s IT network (24 percent in 2010; 17 percent in 2009).
– The increasing use of mobile devices is making “shopping on the job” riskier. Almost half of those who will be shopping online with a company device will use a laptop, tablet, smart phone or similar device.

Key Takeaways
Business/IT Professional (ISACA Member) Survey: The IT mindset is shifting from prohibiting online shopping to setting limits.
– The number of organizations prohibiting employees from shopping online using a work computer has dropped to 11 percent. Instead, IT staffs are allowing use but setting limits: 49 percent limit online shopping using a work computer.
– Similarly, the number of organizations prohibiting employees from accessing social networking sites has dropped to 11 percent.
– 53 percent of respondents believe their organization loses US $1,000 or more per employee as a result of an employee shopping online during work hours in November and December. Almost one-fifth put the number at US $15,000 or higher.
– For mobile devices, an overwhelming majority (84 percent) ranked the risk of using a mobile shopping application on a work-supplied device as high or moderate. Despite that, 42 percent allow employees to use work-supplied mobile devices for personal use and 41 percent use their own mobile devices for work.

Key Takeaways
Why are more employees taking risky actions online?
– Organizations are doing a better job of educating employees about computer security, but that may be creating complacency, causing employees to assume that IT can handle all security breaches.
– ISACA’s survey found that 25 percent of people are not concerned that their online shopping behavior may affect their organization’s IT network.
– This shows that educating employees about security needs to be ongoing and that it needs to gain the employee’s personal buy-in.

Key Takeaways
– Online Shopping Risks: Social engineering and phishing attacks, malware and information breaches that can cost companies thousands per employee to correct, millions in compromised corporate data and severe damage to their reputation
– Mobile Device Usage Risks: The same social engineering and phishing attacks, plus “mobile malware” and data breaches due to lost or stolen devices

Key Takeaways
How should organizations address these risks?
– Organizations should use an “embrace and educate” approach. They should apply proper risk management and implement security controls to mitigate the risks of phishing attacks, malware and data breaches. All of this needs to be supported by workplace communications and education.
– A ban of mobile devices is usually not effective. Mobile technology can offer enterprises a range of highly valued benefits, from increased productivity to improved employee morale to better customer service.
– Organizations should create an easily understood and executable policy that protects against risks related to leaking confidential data and malware. This policy should also take into account the growing “personalization of IT”—i.e., the fact that many employees are using their own mobile devices for work activities.

Compare Consumer Results
Changes Between 2009 and 2010 Surveys: Fewer people are shopping online in 2010, but those who are doing it are taking bigger security risks and are less concerned about their own role in reducing risk.
– Approximately half as many plan to use a work-supplied device to shop online (23 percent in 2010 vs. 52 percent in 2009).
– Average amount of time shopping online on work devices is six hours (vs. 14 hours in 2009).
– More people are taking risky actions: clicking on an e-mail link (52 percent in 2010; 40 percent in 2009); clicking on a link on a social networking site (19 percent in 2010; 15 percent in 2009); using a work e-mail address (28 percent in 2010; 21 percent in 2009).
– More people assume the IT department is ensuring that their work-supplied computer or smart phone has the most recent security patches (41 percent in 2010; 30 percent in 2009).

Methodology
For Part One (consumer/employee version) of the survey:
– ISACA included 10 questions in a weekly national omnibus conducted by M/A/R/C Research.
– The survey was fielded online between 27 September and 4 October 2010.
– The total sample was 2,853 respondents; 638 qualified for the survey based on having shopped online using employer computers.
– Study results have a margin of error of 3.9 percent at the 95 percent confidence level.

Methodology
For Part Two (IT/business professionals who are ISACA members) of the survey: A related online survey was conducted by ISACA between 27 September and 4 October 2010 among 3,307 ISACA members in North America, Central/South America, Europe, Asia and Oceania.

ISACA
With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations. ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business. Contact for further information: