In defense of the realm: understanding the threats to information security

The popular press is replete with information about attacks on information systems. Viruses, worms, hackers, and employee abuse and misuse have created a dramatic need for understanding and implementing quality information security. In order to accomplish this, an organization must begin with the identification and prioritization of the threats it faces, as well as the vulnerabilities inherent in the systems and methods within the organization. This study seeks to identify and rank current threats to information security, and to present current perceptions of the level of severity these threats present. It also seeks to provide information on the frequency of attacks from these threats and the prioritization for expenditures organizations are placing in order to protect against them. The study then will compare these findings with those of previous surveys. (C) 2004 Elsevier Ltd. All rights reserved.