Security Poll: The "I need to" List

I’ve been running an informal poll since October 2005 targeted to IT pros and IT “generalists” asking them what their security “priorities” were. The reason I asked is because it helps my team focus on what security guidance content we build. Here’s the results so far and please feel free to comment. Updated 2.20.06 with some additional items based on more email comments coming in:

1I need a way to block spyware, malware, and malicious sites16%
2I need help understanding and dealing with the requirements that regulatory compliance places on my organization 15%
3I need to be able to monitor the overall level of security of my environment and remediate any machines that are not up to security standards13%
4I need a good incident response process and tools so I can better deal with attacks10%
5I need a way to secure email and messaging from viruses and spam7%
6I need a way to automatically wall off untrusted or infected computers from the rest of the network6%
7I need to be able to easily provision new users, including account setup, group additions, and mailbox configuration6%
8I need to protect against internal threats, both inadvertent and deliberate6%
9I need to provide my partners with secure access to documents over the Internet4%
10I need to be able to provide my users a way to securely reset their own passwords to reduce Help Desk calls4%
11I need to secure my Exchange Server(s)3%
12I need to protect the confidentiality of email3%
13I need an easy way to configure all the components required for a remote access VPN to Windows RRAS server2%
14I need to configure the auditing of my users’ file access and alert me of unusual activity2%
15I need a way to support smart card logon for remote access VPN connections, and help on what hardware and software is required to make it work1%
16I need Windows Update/Microsoft Update to work for networks that use authenticating Web proxies1%
17I need to consolidate directories between multiple applications/environments1%
18I need a way to protect insiders from social engineering threats1%
19I need to secure SQL server(s)1%
20I need to secure laptops/mobile devices including pocket PCs and Smartphones0%
21I need to configure our WAPs to support WPA and to configure the required supporting network infrastructure0%
22I need to provide my users with the ability to manage their own distribution and security groups for communications and permissions0%
23I need to provide single-sign-on capabilities for my users across both Windows and Unix/Linux machines0%

Comments (0)