Seven Information Security Reports
Spring is not just the time for daffodils, lambs and security conferences. The last couple of weeks have seen a plethora of new information security reports too.
Since there are so many security reports, here is a very brief summary of each.
State of Web Application Security
This survey (April 2010) was conducted by the Ponemon Institute on behalf of Imperva Inc and WhiteHat Security Inc. It analyses responses from IT and IT security practitioners in large US organisations about their web application security programs. The findings include that security budgets are not being applied in proportion to the risks, and that there is a lack of high-level support for application security.
Security of Cloud Computing Users: A Study of US and Europe IT Practitioners
This new survey (May 2010), conducted by the Ponemon Institute for CA Inc, describes how many organisations are deploying business-critical applications, IT platforms and IT infrastructure services in the cloud, yet lack confidence in their ability to quantify or control the risk. The most difficult risks to minimise were found to be securing the physical location of data assets and restricting privileged user access to sensitive data.
Website Security Statistics Report
The 9th Edition Spring 2010 (May 2010) from WhiteHat Security Inc examines data from a range of security assessments to compare programming languages and frameworks, and the effect of the size of the attack surface on the number of vulnerabilities.
Infosecurity Europe Information Security Breaches Survey
This survey by PricewaterhouseCoopers, formerly conducted for the UK's Department for Business, Enterprise & Regulatory Reform (now BIS) and launched at Infosecurity Europe (April 2010), examines business information security, including controls, incidents and exposures, every two years. The 2010 survey highlights the increasing number of attacks on UK businesses (especially on larger organisations) and growing demands for improved information assurance through the whole supply chain.
Symantec Internet Security Threat Report
Symantec's bi-annual analysis of internet attacks, vulnerabilities, malicious code, phishing, spam and security risks. In Volume XV (April 2010) the changing geographical sources of malicious activity are discussed. Although enterprises continue to be the focus of targeted attacks (and in particular those in the financial services sector), end users are increasingly being attacked at random via their web browsers. Cybercriminals are being aided by more mature malware creation toolkits.
European Country Reports
The European Network and Information Security Agency has published the 2nd Edition (May 2010) of its Country Reports. The Country Reports were produced by Deloitte, and map the organisations, government agencies and other bodies, strategies, and good practices in information security in each country (e.g. UK).
Revolution or Evolution? Information Security 2020
Written by PricewaterhouseCoopers for the UK government's Technology Strategy Board, Revolution or Evolution? is a forward look at trends affecting information security and suggests a roadmap of drivers for information security over the next decade. The report suggests that trust and identity are the key drivers.
Some good reading for the weekend then—no need to buy a Sunday newspaper.
Posted on: 14 May 2010 at 09:53 hrs
