2012 nCircle Federal Security and Compliance Trends Survey

Upload: ncircle-a-tripwire-company

Post on 18-May-2015

DESCRIPTION

DGI Conference

TRANSCRIPT

Page 1: 2012 nCircle Federal Security and Compliance Trends Survey

© 2012 nCircle. All rights reserved.

2012 nCircle Federal Security and Compliance Trends Survey

Preliminary Results

DGI Cyber Conference – May 31, 2012

Keren Cummins, Director of Federal Markets, nCircle

Page 2: 2012 nCircle Federal Security and Compliance Trends Survey

Respondent Profile To Date

What part of the US Government do you work for?

Civilian; 80.0%

Military; 14.3%

Intelligence; 5.7%

Are you an employee or a contractor?

Employee; 47.1%

Contractor; 52.9%

Keren Cummins
I'd actually prefer to see a pie chart for graphics like this one. Seems clearer to me. What do you think? Is it important to have the charts consistent in overall appearance?

Page 3: 2012 nCircle Federal Security and Compliance Trends Survey

Respondent Profile (Cont.)

How many employees in your organization?

249-999; 28.6%

1,000-1,999; 11.4%

2,000-4,999; 17.1%

5,999-9,999; 14.3%

10,000 or greater; 28.6%

What is your role within your organization?

Senior Management (CIO, CISO, Security operations management); 18.6%

IT Operations; 14.3%

Security; 52.9%

Risk or Audit; 7.1%

Other; 7.1%

Keren Cummins
If we were to use pie charts then I'd make the first one here a pie. It could also be moved up to the prior page (two pie charts together) and then these can be bar graphs as shown...

Page 4: 2012 nCircle Federal Security and Compliance Trends Survey

Top Concern

What is your biggest security concern for 2012?

Cloud computing; 15.2%

Securing virtualized infrastructure; 9.1%

VOIP vulnerabilities (Vishing); 1.5%

Social media; 1.5%

Mobile devices / BYOD; 19.7%

Advanced persistent threat; 12.1%

Web application vulnerabilities; 9.1%

Meeting security compliance requirements; 31.8%

Page 5: 2012 nCircle Federal Security and Compliance Trends Survey

Cloud Implementation Trends

What percentage of your organization's infrastructure is currently outsourced to cloud vendors?

One third or less; 93.9%

More than one third; 4.5%

Greater than two thirds; 1.5%

What category of data is your organization migrating to the cloud?

Low impact

Moderate impact

Both

68.2%

10.6%

21.2%

Keren Cummins
On second graphic, please put Low Impact first, Moderate second and then both last.

Page 6: 2012 nCircle Federal Security and Compliance Trends Survey

Cloud Implementation Trends

Have FedRAMP’s baseline security controls advanced your agency’s migration to the cloud?

Yes; 11.3%

No; 38.7%

Undetermined; 50.0%

Page 7: 2012 nCircle Federal Security and Compliance Trends Survey

Mobile Security Trends

Does your organization have a mobile device security policy?

Yes; 80.0%

No; 20.0%

Does your organization enforce your mobile device security policy?

Yes; 88.0%

No; 12.0%

In your opinion, which mobile devices carry the greatest security risks? (select all that apply)

Android devices

Apple iOS devices (iPhone, iPad)

RIM devices (Blackberry)

Nokia OS devices

Windows Phone

Other

85.7%

65.1%

31.7%

27.0%

38.1%

1.6%

Page 8: 2012 nCircle Federal Security and Compliance Trends Survey

Mobile Security Trends

As government expands its use of mobile devices, do you have a strategy for monitoring them?

Yes; 37.1%

No; 62.9%

Page 9: 2012 nCircle Federal Security and Compliance Trends Survey

Oversight & Legislation Trends

Will the current proposed cyber security legislation improve cyber security in the private sector?

Yes; 28.6%

No; 71.4%

Page 10: 2012 nCircle Federal Security and Compliance Trends Survey

Oversight & Legislation Trends

Has the practice of monthly reporting into CyberScope reduced your agency’s FISMA compliance burden?

Yes; 14.5%

No; 85.5%

Page 11: 2012 nCircle Federal Security and Compliance Trends Survey

Oversight & Legislation Trends

Has participation in CyberStat review session(s) improved your agency’s overall security performance?

4.8% 6.5%

32.3%

56.5%

Page 12: 2012 nCircle Federal Security and Compliance Trends Survey

Continuous Monitoring Trends

Of these, which is your agency’s greatest challenge in implementing a continuous monitoring program?

Budget / funding; 53%

Insufficient technology for the task; 14%

Business processes; 21%

Bureaucratic barriers; 11%

Keren Cummins
If this is the only place I editorialize, it feels a little out of place.

Page 13: 2012 nCircle Federal Security and Compliance Trends Survey

Continuous Monitoring Trends

Have you seen measurable reductions in your agency’s risk based on continuous monitoring efforts to date?

Yes; 25.8%

No; 50.0%

I don't know; 24.2%

http://connect.ncircle.com/

Page 14: 2012 nCircle Federal Security and Compliance Trends Survey

Current Threat Landscape

Select the most significant security threat category your organization faces:

Cyber crime; 45.5%

Hacktivists; 13.6%

Nation state attacks; 40.9%

Do you feel that the risk of advanced persistent threats is greater for the public sector than the private sector?

Yes; 61.3%

No; 38.7%