The survey, released Wednesday by security services company RedSiren, indicates that many IT professionals view security guidelines as work-intensive. But they also believe the regulations--such as HIPAA (the Health Insurance Portability and Accountability Act) and the Gramm-Leach-Bliley Act--are making a difference.
Of the 300 IT professionals interviewed for the study, 66 percent agreed that the government regulations have improved the overall security of the networks they work on.
On the flip side, many of the people surveyed said the regulations eat up a bulk of their working hours, leaving less time for other security-related projects.
Sixty-two percent of respondents said they now spend more time complying with regulations than addressing other security-related matters, and more than 38 percent said this demanding work has caused them to scale back other IT security projects.
Still, in a nod to the perceived effectiveness of the government security laws, 19 percent of those surveyed said they would be comfortable spending less time actively monitoring network security as incident response technologies become more automated.
Executives at RedSiren said this trend may be somewhat dangerous because regulation compliance alone does not constitute foolproof protection.
"This shows a clear disconnect among the very people who need to be thinking proactively about how to best protect their networks and the information that resides on them," said Nick Brigman, vice president of product strategy at RedSiren. "On one hand, they know that the government's rules are making them move in one direction. But on the other hand, a surprising number are willing to leave things to chance."
RedSiren noted that this potentially false sense of protection was more prevalent among the IT professionals at smaller organizations, as many of the workers there feel their operations are overlooked by hackers and other criminals.
"Attackers are looking for any outlet to gain control, regardless of size," Brigman said. "At best, these people may be deluding themselves into a false sense of security. At worst, they're taking a dangerous risk."
Fifty percent of the people responding to the survey listed e-mail-borne threats, such as viruses and phishing, as the greatest threats to IT security in the coming year. Eight percent of those interviewed said that will constitute the biggest single threat to their systems in 2005.
Ninety percent of respondents reported that their security budgets will either stay the same or grow during 2005, with 18 percent saying that such budgets will grow significantly, or by more than 20 percent.