Abstract
The New Zealand Computer Crime and Security Survey is conducted by the Security Research Group (SRG) of the University of Otago, in partnership with the Government Communications Security Bureau, Centre for Critical Infrastructure Protection (CCIP), New Zealand Police and the Computer Security Institute (CSI). This 2006 survey is the second annual survey. It is based on the US CSI/FBI Computer Crime and Security Survey, the longest running continuous survey in the information security field and commonly known as a leading source of statistics related to computer crime and security. The 2006 survey results are based on the responses of 113 computer security practitioners in New Zealand (NZ) manufacturing, governmental, financial and medical organisations, and tertiary education providers regarding the 2005 calendar year. All monetary figures are in NZ$, roughly equivalent to US$0.7 at time of publication. It is probable that the lowered response rate to the 2006 survey was due to conducting it in parallel with the 2007 survey in one twelve-month period. This was necessary to bring publication dates in line with the US (CSI/FBI) and Australian Computer Crime and Security surveys with work on the 2007 survey report already underway. Issues considered this survey are: - Types and prevalence of security technologies in use - Types, cost of, and response to security incidents - Budgeting issues: percentage of IT budget spent on security, outsourcing of security function, incident insurance, security investment per employee, cost-benefit metrics in security planning - Popularity of common workstation operating systems (OS) - Security audits and security awareness training - Information security training, qualifications and certification - IT standards, policies and procedures.