Real Research or a Marketing Ploy? | eWeek

Real Research or a Marketing Ploy?

Aug 29, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The impact of regulatory compliance on IT security is nearly impossible to measure accurately. However, a research survey launched on Aug. 24 by BindView Corp., The Institute of Internal Auditors and the Computer Security Institute purports to get a baseline assessment of just that.

I think the survey results will be interesting—especially to auditors and vendors with compliance products to sell—but Im not sure how much the survey respondents will actually get out of the process.

The survey is active now, and I want to preserve the sample selected by the surveys sponsors, so I wont provide the URL here.

I will say that the survey is designed for CSOs, is composed of 30 questions—mostly multiple choice—and is comprehensive in covering all the regulatory bodies that are currently picking over corporate IT and finance departments.

There are two problems with the survey from the point of view of the CSO who is being asked to submit answers. The first is that the survey appears to lack a systematic method for eliciting the actual number of staff hours that are expended to comply with various aspects of complying with regulations. The second problem, as I said above, is that it will likely provide very little real benefit to participants.

Companies that have stringent regulatory responsibilities assigned to them by law already know what they are supposed to be doing. This means that the respondents providing data to the third-party sponsors of the research survey wont be getting anything more valuable than that an affirmative response that various businesses in the sample indeed must comply with this or that specific rule.

/zimages/3/28571.gifZotob worm suspects arrested.Click hereto read more.

In areas of the survey where less is known about the actual requirements of an audit—a common complaint about Sarbanes-Oxley—it appears that, for the time being, its probably enough to demonstrate that a system of controls is in place.

When it comes to making decisions about how to comply with regulatory mandates, having more and better information is always better than getting less and poor-quality data. However, the survey I got in my e-mail appears to be a survey of potential customers, rather than an unbiased research tool that will shed light on the best way for companies to meet their responsibilities under the law.

eWEEK Labs Technical Director Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.