ESF 1996-7 Survey (critical applications)
Full title: 1996/97 Information security status survey: Consolidated results: Critical business applications
Overview: The ISF's 1996/97 Information Security Status Survey was the most searching study ever conducted into the security of information systems in leading enterprises operating around the world. Surveyed organizations had a collective annual turnover of $450 billion. This report focussed on the effectiveness of the security arrangements applied to 163 critical business applications. The survey probed the key features of each application, the status of controls and the types of incident that compromised the confidentiality, integrity or availability of application data. Analysis of responses identified 'benchmark applications' with exceptionally effective security arrangements - effectiveness being demonstrated by substantially lower incident rates. The pattern of controls applied to these applications is highly revealing about how IT risk can be managed down to an acceptable level.
Published by: European Security Forum (ESF)
Date published: August 1997
Status: Available to ISF Members.
Citicus role: A founder of Citicus developed the survey questionnaires for and in conjunction with the ESF management team, analysed responses, verified the integrity of key data and was the principal author of this report. Another founder of Citicus contributed to the data acquisition and analysis.