CSO Security Priorities Survey

Thank you for participating in CSO & Gigamon's Security Priorities Survey. As a thank you for your participation you will have the chance to win a Apple iWatch Sport or the equivalent of $500 Visa Cashcard.

Detailed terms and conditions can be found at: http://www.cso.com.au/article/589783/cso-security-priorities-survey-prize-terms-conditions/

By filling out this survey, you are consenting to CSO sharing your information with our content partner, and with IDG offices worldwide.

Question Title

* 1. How has your concern about information-security threats changed over the last year?

Not concerned

Less concerned

About the same

More concerned

Much more concerned

Question Title

* 2. How involved in security strategy are your business executives now versus a year ago?

Not involved

Less involved

About the same

More involved

Much more involved

Question Title

* 3. Have high-profile breaches, such as those at Kmart Australia, David Jones, and the US Office of Personnel Management, prompted your organisation to review its security approach?

No, business as usual

No, company is satisfied with its current approach

Yes, reevaluating security capabilities

Yes, reevaluating security capabilities and business requirements

Yes, reconsidering IT security from the ground up

Other (please specify)

Question Title

* 4. In the past 12 months, has your organisation's senior management placed more, less or the same value on risk management?

Much less value

Less value

More value

Much more value

No change

Question Title

* 5. In the next 12 months, how do you expect the value senior management places on risk management to change?

Much less value

Less value

More value

Much more value

No change

Question Title

* 6. Do you have enough skilled staff to keep up with your IT-security needs?

No, and not currently looking

No, looking but can't find them

Yes, have enough for now

Yes, I've found the skills I needed within Australia

Yes, but have had to source them outside of Australia

Yes, I've promoted from within.

Other (please specify)

Question Title

* 7. Overall, how would you say your users' attitudes towards security have changed in the last year?

Much less concerned about security

Less concerned about security

About the same

More concerned about security

Much more concerned about security

Question Title

* 8. How often do you run user security-awareness training?

Less than yearly

Yearly

Six-Monthly

Quarterly

Monthly

Fortnightly

Weekly

On-Demand

Question Title

* 9. To whom do you directly report NOW?

CEO/Owner

Chief Information Officer

IT Manager; Managing Director

CSO; Chief Technology Officer

Chief Financial Officer

Chief Risk Officer

Other (please specify)

Question Title

* 10. To whom did you report 2 YEARS AGO?

CEO/Owner

Chief Information Officer

IT Manager

Managing Director

CSO

Chief Technology Officer

Chief Financial Officer

Chief Risk Officer

Other (please specify)

Question Title

* 11. How often do you meet with your direct executive report?

Daily

Weekly

Fortnightly

Monthly

Quarterly

Six-monthly

Annually

Question Title

* 12. How often do you meet with the company executive or board?

Daily

Weekly

Fortnightly

Monthly

Quarterly

Six-monthly

Annually

Question Title

* 13. With what business units do you collaborate to address risk-management issues? (tick all that apply)

Executive

Payroll

Accounts Payable/Receivable

Manufacturing

Sales/Marketing

Logistics; IT

Physical/Corporate Security

Legal

Supply Chain

Question Title

* 14. What impacts are your executives most concerned about from a security breach? (tick all that apply)

Financial losses

Loss of customer confidence

Loss of investor confidence

Loss of competitive advantage

Potential legal liability for the company

Potential compliance or government penalties

Potential personal liability for the executives or board

Question Title

* 15. How much autonomy are you given in securing your IT infrastructure?

Very little

A little

A fair bit

A lot

Carte blanche

None

Question Title

* 16. How many security breaches have you dealt with in the past 12 months?

1-3

4-6

7-10

11-20

21+

Other (please specify)

Question Title

* 17. What kind of breaches have you dealt with in the past 12 months? (tick all that apply)

Denial of service

Theft of data from network

Theft of mobile device

Social engineering

Advanced Persistent Threat

Ransomware

Conventional Virus

Other (please specify)

Question Title

* 18. If you have dealt with a security incident in the past year, how much did the most damaging breach cost to remediate?

No security incidents

Up to $10,000

Up to $50,000

Up to $100,000

Up to $500,000

Up to $1m

$1m+

Question Title

* 19. If you have dealt with a security incident in the past year, how long did it take to fix?c

Minutes

Hours

Days

A week

A fortnight

A month

More than a month

Question Title

* 20. How have your IT security budgets changed since the last year?

Reduced by more than 10%

Reduced by less than 10%

Stayed the same

Increased by less than 10%

Increased by more than 10%

Question Title

* 21. What kinds of security tools will you be buying in the next year? (tick all that apply)

Next-gen firewalls

Intrusion detection/prevention systems

Identity and access management

Encryption and key management

SIEM; Security analytics

Mobile Device Management

Biometrics

Other (please specify)

Question Title

* 22. How many security products (both commercial and open source), do you currently have which consume either raw traffic (from a TAP or SPAN port), or Netflow?

1-5

6-10

11 or above

Question Title

* 23. Are you planning a core speed upgrade (eg. 1G->10G, 10G->40G) and will your current security products cope with the increased speeds?

Yes, Yes

Yes, No

No, neither at this stage

Currently in consideration

Question Title

* 24. What kinds of security services will you be buying in the next year? (tick all that apply)

Managed security services

Threat intelligence

Penetration testing

Load testing

DDoS remediation

Security consulting

Other (please specify)

Question Title

* 25. What IT-security functions do you outsource now? (tick all that apply)

Network monitoring

Intrusion detection

Access management

Device configuration

Email scanning

Penetration testing

Security testing

Patch management

Other (please specify)

Question Title

* 26. How comfortable are you running cloud-based security services?

We prefer to keep security inhouse

We're testing some cloud-based security services

We're using some cloud-based security services

We're only using cloud-based security services

We've stopped using some cloud-based security services

Question Title

* 27. How do you control use of mobile devices? (tick all that apply)

No controls

Block unregistered devices from network

Require use of commercial mobile-security tools

Virtual 'sandboxes' for running applications

Dedicated mobile app stores

Mobile Device Management tools

Other (please specify)

Question Title

* 28. In general, how satisfied are you with the quality and relevance of products and services offered by security vendors?

	No opinion/Not sure	Very Dissatisfied	Dissatisfied	Satisfied	Very Satisfied
Products	Products No opinion/Not sure	Products Very Dissatisfied	Products Dissatisfied	Products Satisfied	Products Very Satisfied
Services	Services No opinion/Not sure	Services Very Dissatisfied	Services Dissatisfied	Services Satisfied	Services Very Satisfied

Question Title

* 29. Please enter your details below to go into the draw to win a Apple iWatch Sports

Name (First / Last )

Phone

Company

Job Title