http://www.smh.com.au/articles/2004/05/28/1085641687991.html By Sam Varghese May 28, 2004 A research brief, about a global security survey measuring the state of IT security at leading financial institutions, claims that 83 percent of the top 100 companies worldwide have experienced some compromise of their systems in 2003. However, the conclusion, drawn by consulting company Deloitte Touche Tohmatu, is puzzling as the survey itself (which can be downloaded from the company's website) says that only 31 of the top 100 global financial services institutions ranked by 2002 assets were involved in the survey. The release accompanying the survey has it differently. "Practitioners from Deloitte's Global Financial Services Industry practice conducted face-to-face interviews with senior information technology executives of the top 100 global financial services organizations (sic)," it says. The survey claims that the results, published this month, "provide a global benchmark for the state of security in the financial sector." Did the company actually speak to representatives from the top 100? Kevin Shaw, Leader Security Services Group - Asia Pacific for the company's Enterprise Risk Services, said: "What we can say is that interviews with senior information technology executives of top 100 global financial services organizations (sic) were conducted and that the sample includes 31 of the top 100 global financial services institutions." He said four Australian banks were among those interviewed but refused to name them. "I am sure that you will understand that respecting the confidentiality of those who were so kind as to participate is very important to us, and so unfortunately, we cannot denote the true number of organizations (sic) that have participated in the survey," Shaw said. "If we indicate the number of organizations, (sic) people may start to reverse engineer the number and make assumptions about who participated. This could have impact on two levels, one being that unfair assumptions are made leading to potentially erroneous conclusions, and the other in that they circumvent our intent and promise of allowing organizations (sic) to remain anonymous." Last year's survey had some question marks over it as well. The company claimed the participants represented 35 percent of the top 500 global financial services organisations, which would have meant that 175 companies of the top 500 had been interviewed. However, when asked about it, Deloitte admitted that the facts were that 35 percent of the top 50 global financial services organisations - meaning 17 or 18 - had been involved. _________________________________________ ISN mailing list Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Fri May 28 2004 - 08:05:40 PDT