RSA and Infosecurity Europe Attendee Survey Results | eWEEK Labs | eWeek

RSA and Infosecurity Europe Attendee Survey Results

May 14, 2008
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Digging through my e-mail, I came across some analysis by Shavlik that summarized the company’s findings of polls conducted in April at the RSA Conference and Infosecurity Europe.

Shavlik makes security, compliance and update tools aimed primarily at Windows systems, so unsurprisingly, the poll results showed a need for the company’s products. And just because this is so, the conclusions of the analysis coincide with a position that I’ve advocated for some time: that a well-managed network is a foundation of a secure network.

The survey analysis supplied by Mark Shavlik, CEO of Shavlik Technologies, highlighted that “Companies are increasingly recognizing the need to automate operations in order to streamline compliance as an ongoing business process. But too many organizations still don’t have a standard approach, which leaves gaps in their security infrastructure … solutions that simplify, automate, and provide better control over security and compliance management.”

The survey results of 491 conference attendees showed that just over 75 percent indicated that they were either concerned or highly concerned over compliance with specific mandates such as PCI DSS (Payment Card Industry Data Security Standard), ISO 27002, or Sarbanes-Oxley Act.

You can tune in to a Ziff Davis Enterprise security virtual tradeshow on June 24 to hear me talk a little more about compliance and security. You will likely be more interested in my remarks if you are working in IT for an organization that is not highly regulated, for example, retail or a non-financial service. The reason why is because retailers are feeling the pinch of PCI compliance, many for the first time. I’ll provide some pointers on how to approach a PCI compliance project and give suggestions on how to make the process efficient.

Getting back to the survey results, I’m not sure I’d lump PCI DSS in with ISO 27002 and certainly not with SarbOx. PCI DSS is still fairly new, very technically specific and not a real “regulation” in the sense that it has the force of law. (PCI has something better than law, it has the power to deny credit card processing or even better to escalate card processing charges.) SarbOx has been around since 2002, is vaguely defined (from a technology point of view), is highly systematized by the professional auditors and is a true regulation with a legislative mandate. So, I bet the “concern” numbers cited above are a bit skewed by the PCI newbies.

With that said, it is interesting to take a look at the survey results to see if your concerns match up with Shavlik’s findings.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.