[ISN] Deloitte security survey has some puzzling figures

From: InfoSec News (isn@private)
Date: Fri May 28 2004 - 05:48:12 PDT


    http://www.smh.com.au/articles/2004/05/28/1085641687991.html
    
    By Sam Varghese
    May 28, 2004
    
    A research brief, about a global security survey measuring the state
    of IT security at leading financial institutions, claims that 83
    percent of the top 100 companies worldwide have experienced some
    compromise of their systems in 2003.
    
    However, the conclusion, drawn by consulting company Deloitte Touche
    Tohmatsu, is puzzling as the survey itself (which can be downloaded
    from the company's website) says that only 31 of the top 100 global
    financial services institutions ranked by 2002 assets were involved in
    the survey.
    
    The release accompanying the survey has it differently.
    
    "Practitioners from Deloitte's Global Financial Services Industry
    practice conducted face-to-face interviews with senior information
    technology executives of the top 100 global financial services
    organizations (sic)," it says.
    
    The survey claims that the results, published this month, "provide a
    global benchmark for the state of security in the financial sector."
    
    Did the company actually speak to representatives from the top 100?  
    Kevin Shaw, Leader Security Services Group - Asia Pacific for the
    company's Enterprise Risk Services, said: "What we can say is that
    interviews with senior information technology executives of top 100
    global financial services organizations (sic) were conducted and that
    the sample includes 31 of the top 100 global financial services
    institutions."
    
    He said four Australian banks were among those interviewed but refused
    to name them.
    
    "I am sure that you will understand that respecting the
    confidentiality of those who were so kind as to participate is very
    important to us, and so unfortunately, we cannot denote the true
    number of organizations (sic) that have participated in the survey,"  
    Shaw said.
    
    "If we indicate the number of organizations, (sic) people may start to
    reverse engineer the number and make assumptions about who
    participated. This could have impact on two levels, one being that
    unfair assumptions are made leading to potentially erroneous
    conclusions, and the other in that they circumvent our intent and
    promise of allowing organizations (sic) to remain anonymous."
    
    Last year's survey had some question marks over it as well. The
    company claimed the participants represented 35 percent of the top 500
    global financial services organisations, which would have meant that
    175 companies of the top 500 had been interviewed.
    
    However, when asked about it, Deloitte admitted that the facts were
    that 35 percent of the top 50 global financial services organisations
    - meaning 17 or 18 - had been involved.
    
    
    