The State of Information Security - CSO Magazine - October 2003: "
A worldwide study conducted by PricewaterhouseCoopers and CIO magazine
BY SCOTT BERINATO WITH RESEARCH DIRECTED BY LORRAINE COSGROVE
THE BEST PLACE to start is with what 'The State of Information Security 2003' survey doesn't include. It doesn't include some stark bit of data that will make you slap your forehead and exclaim, 'Oh, that's the problem!' It doesn't include figures that suggest a secret formula for setting a security budget. Nowhere in its hundreds of pages of raw numbers will you find The Answer, because The Answer is a fiction, even if the problem is not. Information security is a difficult, nuanced and immature craft. Silver bullets are for people who aren't serious about solving the problem.
What this survey does include, in its depth (more than 7,500 respondents) and intricacy (44 questions cross-tabulated by company size, security budget, geographical region and dozens of other categories) is a comprehensive profile of the imperfect and evolving world of information security.
According to the survey findings, it seems you're all just now coming to terms with information security as a problem. You understand that fixing the problem won't be easy--that it will take a complex combination of infrastructure, education, proactive risk analysis and regulation."