文档介绍:07/21/2006 12:25 PM Page 1
ELEVENTH ANNUAL
2006
CSI/FBI
COMPUTER CRIME
AND SECURITY SURVEY
2006
CSI/FBI
COMPUTER CRIME
AND SECURITY SURVEY
by Lawrence A. Gordon, Martin P. Loeb,
William Lucyshyn and Robert Richardson
puter Crime and Security Survey is con- CSI/FBI survey. All of the following issues relate to the
ducted by puter Security Institute with the economic anizations make -
participation of the San Francisco Federal Bureau of puter security and the way they manage the risk associ-
Investigation’puter Intrusion Squad. The survey ated with security breaches:
is now in its 11th year and is, we believe, the longest- ❏ anizations use to evaluate the perfor-
running continuous survey in the information security mance of puter security investments;
field. This year’s survey results are based on the respons- ❏ Security training needs anizations;
es of puter security practitioners in . cor- ❏ Organizational spending on security investments;
porations, government agencies, financial institutions, ❏ The impact of outsourcing puter security
medical institutions and universities. activities;
The 2006 survey addresses the major issues con- ❏ The use of security audits and external insurance;
sidered in earlier CSI/FBI surveys, thus allowing us to ❏ The role of the Sarbanes–Oxley Act of 2002 on se-
analyze puter security trends. The long- curity activities, and;
term trends considered include: ❏ The portion of the information technology (IT)
❏ Unauthorized use puter systems; anizations devote puter security.
❏ The number of incidents from outside, as well as
inside, anization; This year’s questionnaire also included some questions
❏ Types of attacks or misuse detected, and; being introduced for the first time. In particular, an
❏ Actions taken in response puter intrusions. open-ended question about the current concerns of
respondents has provided insight into the relat