Baby Steps Toward Security

After some big information security scares â€" stolen laptops, lost hard drives and reports of hackers gaining access to networks â€" government agencies responded over the past year by beefing up their security practices, according to a worldwide security survey released last week. The Global State of Information Security survey, conducted by CIO and CSO magazines and PriceWaterhouseCoopers, found government security managers worldwide had added more security staff and processes to their business practices. But governments as a whole still lag the financial industry, which leads all others in putting in place security strategies and technologies.

Among the highlights from the security survey:

-- The percentage of government organizations employing a chief security officer increased from 56 percent in 2006 to 72 percent in 2007. (86 percent of financial industry organizations employ a CSO.)

-- Percentage of government agencies that had an overall security strategy: 42 percent in 2006 vs. 60 percent in 2007. (71 percent in the financial industry.)

-- Continuity or disaster recovery plan in place: unchanged from 2006 to 2007 at 55 percent. (Financial industry: 71 percent.)

-- According to the survey, 38 percent of government organizations said they had standards and policies in place for mobile and handheld devices, and only 60 percent said they encrypted the data in transmission to and from the devices. Less than half â€" 44 percent â€" encrypt data at rest and only 39 percent encrypt data on laptops.

Overall, security in government agencies is improving, say PWC security experts, but it is slow. Very slow, they say.