TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng.

1 TSQM Overall Merged Data Analysis by Industry Analysis by Company Size July 10, 2006 Vicki Deng

2 In-depth Analysis of Gaps
Performance Gaps:
– Current Status v. Importance
Industry Gaps:
– e.g. Healthcare v. Retail
Company Size:
– Small business v. Large Scale Enterprise
Role Gaps:
– e.g. Business Managers v. IT staff
Inter-Enterprise Gaps:
– e.g. Internal Line Manager v. Supplier

3 Topics & Findings
Perceptions of Security
Security Culture Gaps
Why Accessibility Won’t Sell

4 Perceptions of Security
Overall assessment of importance for one's own organization is always higher than that of a partner organization.
– While it makes sense that the first priority is to make your own organization secure within and from the outside world, it is absurd to think that security is less important for your partner organization
– It is natural to believe your own organization is better or more important, but it can create a false sense of security
My & partner assessment is about the same.
– The similar assessment seems reasonable since responses may be biased towards security practices at the respondents' own organization.
Perceptions of Security 1 of 2

5 Perceptions of Security
Gaps in assessment and importance show signs of security awareness in organizational members, which is the first step towards better security
– Largest gap is MI-MA followed by PI-PA
This trend suggests that organizations may see themselves as “invincible” and thus become complacent under this illusion of safety
The need to share certain information with business partners, suppliers, and customers over the internet leaves the organization vulnerable to factors beyond its control
Perceptions of Security 2 of 2

6 Security Culture Gap
The greatest performance gap by and large is security culture.
– Security culture has an average security status assessment of 4.99 and a rated importance of 5.81
– With a gap of .82, the difference in perception is statistically significant with a 99% confidence level
– This gap is mostly true for all types of organizations of all sizes
Security Culture Gaps 1 of 5

7 Security Culture (Survey QS)
Security Practices
– People in the organization are knowledgeable about IT security tools and practices. [q08; gap=.82]
– People in the organization carefully follow good security practices. [q14; gap=1.08] ← Largest gap!
– In the organization, people are aware of good security practices. [q33; gap=.78]
Ethics and Trust
– People in the organization can be trusted not to tamper with data and networks. [q21; gap=.69]
– People in the organization can be trusted to engage in ethical practices with data and networks. [q26; gap=.74]
Security Culture Gaps 2 of 5

8 Why the Gap in Security Culture?
Security culture may be the weakest link in the house of security, since predictable and unpredictable human factors come into play
Few are aware of good security practices and even fewer actually follow through
Trust and ethics factor in as one of the most important aspects of security culture, but they cannot be regulated or written in a policy
Security Culture Gaps 3 of 5

9 Security Culture Gap
The importance of security culture is rated 17% higher than assessment of current status
– Even though this is the most crucial area to improve upon, it is not possible without the financial & IT resources, effective security policy, and integration into business decisions
Organizations need to assess their own security culture and determine what is holding their members back from following good security practices
With new technology come new problems, and a culture needs to be flexible enough to deal with change, and to change when it is no longer working
Security Culture Gaps 4 of 5

10 Further Implications
Large gaps in security culture could be due to a lack of:
– awareness about current security practices
– incentives to follow them
– strong leadership
– understanding about how a member’s actions fit into the larger picture
Gaps in security policies lag behind security culture
– Policy compliance does not necessarily mean good security culture
Even if policies are tough, it is still not enough without a proper security culture within the organization, since policies tend to be reactive in nature – that is why organizations need to focus on security culture
Security Culture Gaps 5 of 5

11 Why Accessibility Won’t Sell
Accessibility
– Rated highest importance, but also highest assessment of current status
– Lowest MI-MA with a gap of .33, also lowest for PI-PA with a gap of .25
– MI-MA gaps of other constructs range from .50~.82
This raises several questions
– Are accessibility technology and methods already mature or even saturated?
– Does the importance of accessibility overshadow the importance of vulnerability?
Accessibility 1 of 5

12 Accessibility (Survey QS)
The organization checks the identity of users before allowing access to data and networks. [q04; gap=.26]
The organization’s data and networks are only available to approved users. [q11; gap=.30]
The organization provides access to data and networks to legitimate users. [q30; gap=.30]
The organization’s data and networks are usually available when needed. [q34; gap=.44] ← Largest gap!
Accessibility 2 of 5

13 Why Accessibility Won’t Sell
High assessment and importance in ‘accessibility’ and ‘confidentiality’ indicate that these aspects of security are perceived as among the most crucial, but only accessibility shows a small gap
The small gaps in accessibility overall, across industries, company size, etc. suggest that current technology already has the capabilities to address and meet those needs
Accessibility 3 of 5

14 Where is accessibility now?
Are accessibility technology and methods already mature or even saturated?
– Accessibility standards are emerging as e-commerce and other internet transactions become commonplace
– Despite good software technologies and capabilities, if people using the software do not understand its capabilities and limits then it can’t be successful
“The organization’s data and networks are usually available when needed.”
– This particular question had the largest gap within the accessibility construct
– Technology may be able to properly provide and regulate user accessibility, but it can also hinder productivity
Accessibility 4 of 5

15 Accessibility v. Business Strategy
Does the importance of accessibility overshadow the importance of vulnerability?
– Sometimes more accessibility may indirectly lead to more vulnerability, especially if “Security is a business agenda item (mostly) for top executives in the organization.” (MA=5.01 for this question, q22)
– Business strategy & financial resources are rated as the least important, while accessibility is rated as most important
– However, it is often the case that security loses to business needs, so more emphasis should be placed on publicizing the organization's security strategy
Accessibility 5 of 5

16 Quick Stats on the Overall Data
Top Gaps MA v. MI
1. Security Culture (.82)
2. Financial Resources (.71)
3. Security Policy (.66)
4. Vulnerability (.66)
Top Gaps PA v. PI
1. Security Culture (.52)
2. Vulnerability (.49)
3. Financial Resources (.42)
4. Security Policy (.41)
Highest Rated Assessment
1. Accessibility (5.72)
2. Confidentiality (5.49)
3. Vulnerability (5.25)
Highest Rated Importance
1. Accessibility (6.05)
2. Confidentiality (5.99)
Merged Data 1 of 5

17 Merged Data 2 of 5

18 Merged Data 3 of 5

19 Merged Data 4 of 5

20 Convergent and Discriminant Validity (Merged Data)
High values of Cronbach’s Alpha indicate the variables were a good measure of the latent constructs
Indicates good reliability and consistency in the data set
Merged Data 5 of 5

21 Industry
6 Main Industries, Total Responses: 1259
– Banking & Finance (124)
– Technology Services (128)
– Health & Social Assistance (495)
– Tele/Communications (93)
– Manufacturing (244)
– Retail (175)
Industries not included due to lack of responses: education, defense, aeronautics, etc.

22 Analysis by Industry
Results from each industry follow the trend of the overall data
– Low status for accessibility
– High gaps in security culture
– MI > PI > MA, PA
Banking & Finance, Communications: high MA, MI; low gap
Health & Social Services & Technology Services: medium MA, MI; high gap
Manufacturing & Retail: low MA, MI; high gap

23 Quick Stats on the Industries
Assessment & Importance (high → low)
1. Banking & Finance
2. Technology Services
3. Communications
4. Health & Social Assistance
5. Manufacturing
6. Retail
Low Gaps
1. Banking & Finance
2. Communications
High Gaps
1. Technology Services
2. Health & Social Assistance
3. Manufacturing
4. Retail
Industry Data 1 of x

24 My Assessment by Industry

25 My Importance by Industry

26 BNK – Banking & Finance, COM – Tele/Communication, HLT – Healthcare & Social Assistance, MNF – Manufacturing, RET – Retail, TEC – Technology Services

27 Industry Assessment 1 of 6

28 Industry Assessment 2 of 6

29 Industry Assessment 3 of 6

30 Industry Assessment 4 of 6

31 Industry Assessment 5 of 6

32 Industry Assessment 6 of 6

33 Industry Gaps 1 of 6

34 Industry Gaps 2 of 6

35 Industry Gaps 3 of 6

36 Industry Gaps 4 of 6

37 Industry Gaps 5 of 6

38 Industry Gaps 6 of 6

39 Analysis by Company Size
Follows trend of overall data
Assessment and importance increase with size of company
Exception to this trend → company with 50K-100K employees
Companies smaller than 10K tend to have higher gaps in security
– Especially true for security policy

40 Company Size Assessment 1 of 6

41 Company Size Assessment 2 of 6

42 Company Size Assessment 3 of 6

43 Company Size Assessment 4 of 6

44 Company Size Assessment 5 of 6

45 Company Size Assessment 6 of 6

46 Company Size Gaps 1 of 6

47 Company Size Gaps 2 of 6

48 Company Size Gaps 3 of 6

49 Company Size Gaps 4 of 6

50 Company Size Gaps 5 of 6

51 Company Size Gaps 6 of 6

52 end

