Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, and the Government Technology Research Alliance (GTRA), a non-profit organization dedicated to the development and success of the government IT community today announced the results of a U.S. government cybersecurity survey. The jointly sponsored online survey evaluated the attitudes and responses of 111 security and compliance professionals from U.S. government agencies and contractors.

“Cybersecurity continues to be one of the top priorities of senior executives in the federal government,” said Ron Ross, fellow at National Institute of Standards and Technology (NIST). “Studies, such as this one, bring together important data points that help decision makers assess trends and take part in an ongoing dialog that will help us craft effective solutions to our difficult and challenging cybersecurity problems.”

Key findings from the survey include:

• 60 percent believe the new NIST framework will improve security.
• 55 percent believe government IT security has improved due to the administration’s policies.
• 46 percent say they have seen reductions in risk due to continuous monitoring efforts.
• 43 percent of IT security and compliance employees consider poor governance and the dysfunctional Congress “the biggest security threat we face.”

“While these findings show that we have made some progress on federal cybersecurity, we still have a long way to go,” said Parham Eftekhari, executive vice president of research and co-founder of GTRA. “Our hope is that by partnering with federal agency CIOs and industry thought leaders like Tripwire, we can generate thought-provoking research that will help spur dialog and ultimately increase the rate of change.”

Additional key findings:

• 45 percent of respondents believe funding is the greatest challenge their agency faces in successfully implementing cybersecurity programs; only 37 percent believe they have adequate resources to properly implement policy; and when asked what federal security leaders should do to connect security to the agency mission, the second-most popular response was “more funding.”
• While 47 percent of GTRA members believe their agency cares more about compliance regulations than improving security, 65 percent still believe their agency follows industry standards and best practices.

Notes Dwayne Melancon, chief technology officer for Tripwire: “It is encouraging that government security and compliance professionals are seeing benefits from continuous monitoring and that they are optimistic about future improvements through the new NIST framework However, the survey results highlight the fact that resource constraints are a significant inhibitor to stronger security.”

Melancon continued: “Unfortunately, it seems that agencies still fear the auditor more than the adversary. Their biggest concern is becoming compliant, and while compliance can help improve security, it is not the most significant threat to achieving the mission for most organizations.”

The complete survey is available for download at http://www.tripwire.com/register/hanover-research-government-it-security-survey-analysis/ and will be discussed in detail at GTRA’s upcoming council meeting, which will be held June 22 – 24, 2014, at the Lansdowne Resort in Leesburg, Virginia.

About GTRA

The Government Technology Research Alliance (GTRA) is a 510(c)3 non-profit organizations comprised of public and private sector leaders dedicated to the development and success of the government IT community. With over 15,000 members, GTRA provides multiple forums to collaborate, strategize and create innovative solutions for the challenges facing the civilian, defense and intelligence communities in areas including infrastructure, cyber security, cloud computing, big data, health IT, sustainability and innovation. By sharing best practices and lessons-learned, knowledge at the executive-level is exchanged among peers and results in actionable government-wide strategic plans to meet OMB, White House, NIST, DoD and agency specific mandates.

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.