CIOs Are Complacent On Security Risks, Says HP

Under their confident exteriors, CIOs haven’t covered the details, says HP

Security professionals are leaving gaps in their enterprise risk strategies – even while they claim to be on track.

Nearly 80 percent of security professionals think their organisations have a risk plan in place, and 90 percent believe they are meeting all the governance rules, but only 14 percent think their security systems actually give them a clear picture of the risks the company faces, according to a survey carried out by Hewlett-Packard.

“People say it is very important and they have plans in place – but when we ask the details we don’t get the same level of response,” said Jay Huff, EMEA marketing director for security at HP, and previously marketing head of security information and event management (SIEM) firm ArcSight, which HP bought in 2010.

“Have they prioritised their assets for sensitivity? Not many people have done that. Do they have the ability to assess your infrastructure for vulnerability? Again, not many people do,” he told TechWeekEurope at HP’s Software Universe event in London this week.

Security professionals answered positively to the big questions, but looked decidedly wobbly on the finer points, according to the survey of 500 IT professionals visiting the InfoSecurity show in London last month.

HP is particularly interested to push the risk management perspective, having integrated its products into a Security Intelligence and Risk Management (SIEM) product in February.

It also rarely loses an opportunity to brandish its multiple recent acquisitions in security, including TippingPoint (which it acquired with 3Com) for intrusion prevention and Fortify for threat analysis.

The company has been integrating these into a broad security offering and now feels in a position to look askance at more focused security players: “If you have a hammer, everything looks like a nail,” said Huff.
