Managers say security is good, despite bad grades

Most IT managers think information security at their agencies is pretty darn good—despite the latest computer security report cards handed out by the House Government Reform Committee, which gave agencies an overall grade of D+.In a GCN telephone survey, 31 percent of managers we polled described the overall state of security at their agencies as excellent. The majority, 51 percent, rated it good. Only 3 percent characterized their security as poor.Moreover, 79 percent described the effectiveness of risk assessment and vulnerability management procedures at their agencies as good or excellent.Worms and viruses were a major concern of 47 percent of the managers we talked with, while hackers were a big worry for 35 percent. Spyware and phishing came in at 30 percent, and potential weaknesses in wireless networks were a concern for 28 percent.More than a quarter of the managers in the survey said their agencies outsource some security functions to private security companies, including antivirus protection (52 percent), intrusion detection or prevention (48 percent), perimeter security (41 percent) and vulnerability or patch management (41 percent).Among those who don’t outsource security, 77 percent said their agencies weren’t likely to consider handing over any functions to the private sector.