NewswireToday - /newswire/ -
London, United Kingdom, 2010/10/20 - A new research carried out by Vanson Bourne on behalf of LogLogic®, figures out today indicate that 62 percent of public sector organisations are currently unaware of the CESG’s compulsory GPG13 Protective Monitoring mandate. NASDAQ: TIBX
According to new research carried out by Vanson Bourne on behalf of LogLogic®, the leader in SIEM and log management, figures out today indicate that 62 percent of public sector organisations are currently unaware of the CESG’s compulsory GPG13 Protective Monitoring mandate for Her Majesty’s Government (HMG) ICT systems.
80 Percent of Respondents Do Not See GPG13 as a Positive
Of those who were aware of GPG13 (38 percent), a staggering 80 percent said that at a board level in their organisation, the mandate was poorly perceived: 28 percent felt that it was viewed purely as a costly tick in the box exercise with no obvious benefits; 26 percent said it was seen as a necessary evil and a further 26 percent said that the board were completely unaware of its existence. Just 20 percent said that it was seen as a positive initiative (16 percent saying it added value with obvious benefits to the company and its customers and 4 percent recognising that it offered additional benefits to the organisation and was a positive initiative).
Despite poor awareness at board level, the research found that 68 percent of respondents (IT and security management) felt that GPG13 would actually improve accountability of users’ activities. However, in terms of implementation, disappointingly only 10 percent have the necessary processes in place right now and a huge 44 percent admitted that it’s not something they are looking at yet. Only 46 percent are reportedly in the process of implementing it, but they haven’t completed it as yet.
70 Percent of Respondents Say GPG13 is Unfunded Mandate
Interestingly 36 percent of respondents felt that the biggest challenge to implementing GPG13 was ensuring that employees have the skills and training needed to operate the environment correctly. This isn’t helped by that fact that 70 percent said that no additional funding had been provided to help meet the requirements. Other challenges cited were defining requirements and controls for monitoring (32 percent), implementation (22 percent) and finally identifying appropriate technologies to automate the process (10 percent).
“The Good Practice Guide 13 (GPG13) protective monitoring framework was developed to help public sector organisations to know exactly what’s happening within their ICT infrastructure in a controlled and effective manner,” said Bill Roth, Executive Vice President at LogLogic. “It is a mandatory accord for all central and local government, fire, police, health and education authorities. Given the results of the survey, it seems there is still a lot of work that needs doing to bring organisations in line with requirements – not least raising awareness of the actual mandate itself!”
He continued: “Protective Monitoring is a way of reducing and treating risks to HMG ICT systems and infrastructure. Public sector organisations need to not only record logs, but actually refer to them and raise alerts to any potential security breaches. If they don’t, anyone breaching and abusing those systems will continue to go unchecked and the confidentiality, integrity and availability of those systems could seriously suffer.”
About the survey
All 130 survey respondents were from public sector organisations (43 percent from local government, 29 percent from healthcare, 18 percent from central government, 4 percent from defence and six percent from other public sector organisations (Fire Service; National Policing Improvement Agency; Scientific institute). In terms of organisation size, 58 percent had more than 3,000 employees, 22 percent had between 3000 and 1001 and the remaining 20 percent had between 1001 and 500 employees.
Of the 130 respondents only 50 were aware of the GPG13 mandate and went on to answer the remaining questions about implementation, key challenges and budget allocations to support the mandate.
LogLogic® (loglogic.com) is the leader in log management and security event management solutions. More than 1,000 customers worldwide entrust their most sensitive log data to LogLogic’s award-winning products. For updates from the Company, visit the blog or follow LogLogic on Twitter.
All trademarks mentioned in this press release are the property of their respective owners.