The Computer Crime and Security Survey is conducted by the Computer Security Institute (CSI) with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad. This survey indicates how often crime occurs on computer networks and how expensive these crimes can be. The 2004 survey is based on responses from 494 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities.
Some of the key findings from the participants in this year’s survey are summarized here. The findings discussed below emphasize changes taking place in the computer security arena, as well as items not considered in previous CSI/FBI surveys.
- Unauthorized use of computer systems is on the decline, as is the reported dollar amount of annual financial losses resulting from security breaches.
- In a shift from previous years, both virus attacks and denial of service outpaced the former top cost, theft of proprietary information. Virus costs jumped to $55 million.
- The percentage of organizations reporting computer intrusions to law enforcement over the last year is on the decline. The key reason cited for not reporting intrusions to law enforcement is the concern for negative publicity.
- Most organizations conduct some form of economic evaluation of their security expenditures, with 55 percent using Return on Investment (ROI), 28 percent using Internal Rate of Return (IRR), and 25 percent using Net Present Value (NPV).
- Over 80 percent of the organizations conduct security audits.
- The majority of organizations do not outsource computer security activities. Among those organizations that do outsource some computer security activities, the percentage of security activities outsourced is quite low.
- The Sarbanes-Oxley Act is beginning to have an impact on information security in some industries.
- The vast majority of the organizations view security awareness training as important, although (on average) respondents from all sectors do not believe their organization invests enough in this area.
The results of this survey clearly indicate that the stakes involved in information systems security have risen. Your organization is vulnerable to numerous types of attack from many different sources, and the results of an intrusion can be devastating in terms of lost assets and goodwill.
About the Authors:
Lawrence A. Gordon is the Ernst & Young Alumni Professor of Managerial Accounting and Information Assurance in the Robert H. Smith School of Business at the University of Maryland.
Martin P. Loeb is Professor of Accounting and Information Assurance and Deloitte & Touche Faculty Fellow in the Robert H. Smith School of Business at the University of Maryland.
William Lucyshyn is Visiting Senior Research Scholar in the School of Public Affairs at the University of Maryland.
Robert Richardson is Editorial Director at the Computer Security Institute.
- "CSI/FBI Computer Crime and Security Survey," Lawrence A. Gordon, Martin P. Loeb, William Lucyshyn and Robert Richardson, Computer Security Institute (CSI) http://www.gocsi.com/, Computer Crime and Intellectual Property Section (CCIPS) http://www.usdoj.gov/criminal/cybercrime/CSI_FBI.htm, Department of Justice - Criminal Division http://www.usdoj.gov/criminal/, Department of Justice - Computer Crime and Intellectual Property http://www.usdoj.gov/criminal/cybercrime/index.html, United States Department of Justice http://www.usdoj.gov/, 2004
File Name: FBI2004
FBI2004.pdf (PDF - 1.8 MB http://www.larryblakeley.com/Articles/security/FBI2004.pdf)
FBI2004.djvu (DjVu - 654 KB http://www.larryblakeley.com/Articles/security/FBI2004.djvu)
Post Date: June 8, 2005 at 9:15 AM CDT; 1415 GMT