Survey cites lack of "best practices" as greatest challenge for IT security professionals
February 06, 2008

First report in series on security practices, IT career issues, security awareness

OTTAWA - A recent report released by the Canadian Advanced Technology Alliance (CATA) indicates that a lack of recognized best practices is the top Information Technology (IT) security challenge affecting organizations today.

The report, titled Canadian IT Security Professional Perspectives, provides a comprehensive review of the findings of a survey of over 300 Canadian executive and frontline IT security professionals on their everyday security challenges, use and trust of information sources, and the career advantages that an IT skill set provides them.

The survey, a collaborative effort between Microsoft Canada, High Road Communications, and CATA, was conducted in support of National IT Security Week initiatives, and the results serve as a reminder that in this electronic age, individuals and companies alike require an increasing amount of defense against unseen forces. Spammers, hackers, and viruses are constantly bombarding our computers, our privacy, and at a greater level, our national security. Yet while there are tools in place to help combat these, it is often the lack of best practices that causes the most serious challenges to an organization's security integrity.

"Most IT security professionals feel they have access to a sufficient range of tools to address their security needs, but face a lack of recognized best practices to assist in determining how to best manage and implement them," says Kevin Wennekes, Vice President Research for CATA and report author. "Further complicating matters is the lack of vested interest managers, other IT professionals, and end-users have in ensuring security practices are adhered to or given proper consideration during the design stages of new IT initiatives."

The study notes that frequently, company disclosure laws inhibit the sharing of best practices, and that many of the companies promoting a best practice are in fact only promoting the use of their product or service. Respondents identified practical means by which these best practices could be developed and shared, and principles regarding their applicability and use.

The study also identifies:

  • The relative impact of a dozen known IT security challenges - with results demonstrating the difference in priorities between those in varying roles/titles
  • The daily demands on time in managing IT Security needs and predictions on future impact
  • Information Sources - views on the general and trade media, colleagues, vendors, online communities: Which are they using? Which do they most trust?
  • How important respondents feel an IT Security skill set is to enjoying a successful career in IT in general and whether this provides them with a career advantage over others
  • Perspectives on Canada as a Global IT Security Leader - current status, key strengths, challenges, opportunities
  • Critical Messages for Canadians - providing IT security professionals a soapbox on which to stand: Who do they want to speak to; What do they want to say?

A future series of IT Security Perspective Reports is currently under development and will seek to build upon the preliminary levels of understanding generated from this study, and further explore other topical issues that impact on an IT security professional's career and working environment.

"This study was a critical first step in helping us to understand not only how we as a vendor are credibly perceived, but also identified how we can become more credibly and transparently involved in helping to establish industry-accepted best practices," says Bruce Cowper, Senior Program Manager, Security Initiative for Microsoft Canada. "We look forward to continuing to work with and through CATA to better understand the challenges IT security professionals face in their careers and means by which Microsoft Canada can assist them."

Future IT Security Professional Perspective studies will seek to address issues/topics such as determining how industry and government can help enable the creation of best practices, which certifications/accreditations are seen as specifically useful in Canada, what support/training is required for security professionals as they travel their career path, and seeking means of addressing the perceived 'ignorance' of IT managers to security needs.

Other recommended next steps resulting from the study include commencing the development of industry-wide best practices, conducting an employer-based study of the value of an IT security skill set, and a call to commence consultations towards defining Canada's global IT security brand, designed to propel our nation into a global leadership role.

For more information on the survey and how to get involved in future studies or initiatives for the IT security sector, please contact Kevin Wennekes, Vice President Research, CATA, at

- 30 -

++ Action item:

To receive a copy of the report, send an email to Kevin Wennekes requesting a copy. Pricing: CATAAlliance members ($65), non-members ($695). Media may request a complimentary copy.

Interested in more security-related research? CATA has just completed groundbreaking research exploring the technology use of Canada's First Responders. Download the Executive Summary here.

The research project was conducted in a collaborative partnership between Microsoft Canada, High Road Communications, and the Canadian Advanced Technology Alliance (CATA). Organizations interested in conducting research and/or surveys in partnership with CATAAlliance should contact Kevin Wennekes by e-mail or by calling 613.236-6550 ext 240.