2007 New Zealand computer crime and security survey

Abstract

The New Zealand Computer Crime and Security Survey is conducted by the Security Research Group (SRG) of the University of Otago, in partnership with the Government Communications Security Bureau, Centre for Critical Infrastructure Protection (CCIP), New Zealand Police, NZ Internet Task Force, and the Computer Security Institute (CSI). This 2007 survey is the third annual New Zealand (NZ) survey. It is based on the US CSI/FBI Computer Crime and Security Survey, the longest running continuous survey in the information security field and commonly known as a leading source of statistics related to computer crime and security.

The 2007 survey results are based on the responses of 150 computer security practitioners in NZ manufacturing, governmental, financial and medical organisations, and tertiary education providers regarding the 2006 calendar year. All monetary figures are in NZ$, roughly equivalent to US$0.70 at time of publication.

Issues considered this survey are: - Types and prevalence of security technologies in use - Types, cost of, and response to security incidents - Budgeting issues: percentage of IT budget spent on security, outsourcing of security function, incident insurance, security investment per-employee, cost-benefit metrics in security planning - Popularity of common workstation operating systems (OS) - Security audits and security awareness training - Information security training, qualifications and certification - IT standards, policies and procedures - Managing proprietary information on PDAs/Cellphones - Management of SPAM - Handling of porn and objectionable material on workplace ICT

NB References to US figures refer to those from CSI surveys, while references to Australian figures refer to those of the 2006 AusCERT survey. In referring to monetary costs, the word ‘thousand’ is subsituted by ‘k’ for brevity.