A survey released by Courion Corporation finds that 33 percent of IT decision makers do not believe they have an accurate assessment of their organization's IT risk from internal and external sources.
The company's survey sample was more than 1,200 IT decison makers at large enterprises. Nearly two-thirds of these organizations had more than 1,000 employees each.
Twenty-three percent indicated that their organization did not have a formal IT risk management program, while of those that did 60 percent said that they review user access rights once per year or less frequently. Forty-five percent said that they do not certify user access to high-risk applications on a regular basis.
Other findings include that 48 percent of the respondants' companies had discovered excessive user rights within their systems; 39 percent of respondents said they had identified instances of inappropriate access by privileged users within their organizations; and 56 percent said they had found cases in which access was still active for a user’s prior role.
♦ Photo by icyFrance/Flickr