Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Survey finds that many enterprises have a poor understanding of IT risk

Courion Corporation has announced the findings of a wide-ranging survey designed to unearth the level of understanding enterprises have regarding IT risk management and user access.

The global survey of more than 1,250 IT decision makers at large enterprises – 72 percent of which have more than 1,000 employees – found that one third (33 percent) of respondents do not believe their organizations have an accurate assessment of the level of IT risk they face from internal and external threats. This lack of confidence in risk assessment is warranted for two reasons. First, nearly one in four companies (23 percent) indicated that they do not have a formal IT risk management program in place. Second, a large percentage of businesses do not routinely review user access rights to data.

More than 90 percent of respondents said that identification of user access is a core component of their IT risk management strategy, yet 60 percent said they only review individual user access or entitlements once a year or less frequently, with 45 percent saying they do not certify user access to high-risk applications on a regular basis. All of this creates serious data breach risks from excessive user rights, access creep (an accumulation of access credentials as an employee transitions through different positions within a company), and inappropriate access by privileged users within the organisation.

Not surprisingly, organizations discover some alarming facts when they conduct user access reviews:

• Nearly half (48 percent) of companies have discovered excessive user rights within their systems.

• 39 percent of respondents say they have identified instances of inappropriate access by privileged users within their organizations.

• 56 percent say they found cases where access was still active for a user’s prior role.


•Date: 13th April 2011 • Region: World •Type: Article • Topic: ICT continuity

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here