Home > Articles

  • Print
  • + Share This

WarRoom Research's Information Security Survey

WarRoom Research is a group of competitive intelligence and information security consultants based in the Washington, D.C. area. Its data is compiled, as is much of the CSI/FBI data, from Fortune 500 corporations. The tables in this section answer the following questions.

Have you detected attempts to gain computer access to any of your computer systems from "outsiders" in the past 12 months?

Yes

119

58.0%

No

25

12.2%

Don't know

61

29.8%

205

100.0%

Table 3.2 Vulnerability Breakdown by Site Type (in Percents)

Site Type

Denial of Service

FTP

Yellow Web

INND

REXD access

Sendmail

Red Web

YPupdated

statd

Banks

57.12

0.15

9.85

3.18

0.15

9.70

1.52

0.91

29.39

Credit unions

43.43

0.00

8.03

1.46

0.00

4.01

0.73

1.09

16.42

U.S. Federal

44.68

0.00

36.17

0.00

0.00

12.76

2.12

6.38

31.91 sites

Newspapers

52.88

0.32

14.42

2.24

0.00

16.67

1.28

0.64

30.77

Sex

56.54

0.00

6.65

1.33

0.00

11.97

0.67

0.00

18.85

Totals

53.63

0.12

10.32

2.19

0.06

10.67

1.1

0.81

24.91

Random group

28.14

0.00

1.92

0.64

0.64

7.25

0.00

0.64

13.65


Source: Dan Farmer, http://www.fish.com (The Denial of Service and Yellow Web vulnerabilities were "yellow" vulnerabilities, and the others were counted as red vulnerabilities.)

If yes, how many successful unauthorized accesses from "outsiders" have you detected? (developed table)

1–10

41

41.8%

11–0

24

24.5%

21–30

16

16.3%

31–40

10

10.2%

41–50

5

5.1%

>50

2

2.0%

98

100.0%

If you experienced computer system intrusions by someone from outside your organization, indicate the type of activity performed by the intruder performed.

Manipulated data integrity

41

6.8%

Installed a sniffer

40

6.6%

Stole password files

34

5.6%

Probing/scanning of system

88

14.6%

Trojan logons

35

5.8%

IP spoofing

29

4.8%

Introduced virus

64

10.6%

Denied use of services

38

6.3%

Downloaded data

49

8.1%

Compromised trade secrets

59

9.8%

Stole/diverted money

2

0.3%

Compromised e-mail/documents

76

12.6%

Publicized intrusion

3

0.5%

Harassed personnel

27

4.5%

Other (specified)

18

3.0%

603

100.0%

How many "insiders" have been caught misusing your organization's computer systems? Running their own ventures on company systems, abuse of online accounts, personal record keeping, etc. (developed table)

Unknown

20

9.8%

0

56

27.3%

1–5

24

11.7%

6–10

46

22.4%

11–15

32

15.6%

16–20

13

6.3%

21–25

9

4.4%

>25

5

2.4%

205

100.0%

If yes, what disciplinary action was taken?

Oral admonishment

70

54.3%

Written admonishment

27

20.9%

Suspended

7

5.4%

Resigned

8

6.2%

Fired

11

8.5%

Referred to law enforcement

2

1.6%

Out of court settlement

0

0.0%

No action

4

3.1%

Other (specified)

0

0.0%

129

100.0%

 

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.