INFORMATION SECURITY TRENDS - Computer Training · research information security trends nin th annu...
46
www.comptia.org RESEARCH INFORMATION SECURITY TRENDS NINTH ANNUAL • FEBRUARY 2012 FULL REPORT
Transcript of INFORMATION SECURITY TRENDS - Computer Training · research information security trends nin th annu...
www.comptia.org
RE
SE
AR
CH
INFORMATION SECURITY TRENDS
N I N T H A N N U A L • F E B R U A R Y 2 0 1 2
F U L L R E P O R T
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +!
!"#$%&%'()&*+)+,-.'&
!,)-(./012!!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56!3$4%52!)6!(&'74)$2!,)-(./0!&'2'8&9:!46!*:'!9;3'&2'9$&4*;!2(89'<!=$&*:'&!'>(%)&46?!*&'652<!9:8%%'6?'2!865!)(()&*$64*4'2@!!.:'!)3A'9*47'2!)=!*:42!&'2'8&9:!469%$5'"!!
B .&89C!9:86?'2!46!46=)&-8*4)6!2'9$&4*;!(&89*49'2<!()%494'2<!*:&'8*2<!3&'89:'2!)7'&!*4-'@!B ,)-(8&'!2'9$&4*;!(&89*49'2<!()%494'2<!*:&'8*2<!3&'89:'2<!'*9@!3'*D''6!C';!5'7'%)('5!865!
'-'&?46?!-8&C'*2@!B E846!4624?:*2!46*)!*:'!2'9$&4*;!422$'2!822)948*'5!D4*:!'-'&?46?!*'9:6)%)?;@!!B F65'&2*865!*:'!&)%'!)=!2'9$&4*;!*&84646?!865!'5$98*4)6@!!
!.:'!2*$5;!9)6242*2!)=!=47'!2'9*4)62<!D:49:!986!3'!74'D'5!465'('65'6*%;!)&!*)?'*:'&!82!9:8(*'&2!)=!8!9)-(&':'6247'!&'()&*@!!!G'9*4)6!+"!H8&C'*!I7'&74'D!G'9*4)6!J"!.:'!G'9$&4*;!K865298('!L!.:&'8*2!865!,:8%%'6?'2!!G'9*4)6!M"!N-'&?46?!.&'652!!G'9*4)6!O"!G'9$&4*;!P&)9'22'2!865!P&)9'5$&'2!G'9*4)6!Q"!.:'!R)%'!)=!G'9$&4*;!.&84646?!865!,'&*4=498*4)6!!.:'!58*8!=)&!*:42!2*$5;!D82!9)%%'9*'5!748!8!S$86*4*8*47'!)6%46'!2$&7';!9)65$9*'5!T)7'-3'&!+U!*)!V'9'-3'&!+W<!JU++!*)!8!28-(%'!)=!+<+XM!/.!865!3$246'22!'>'9$*47'2!54&'9*%;!467)%7'5!46!2'**46?!)&!'>'9$*46?!46=)&-8*4)6!2'9$&4*;!()%494'2!865!(&)9'22'2!D4*:46!*:'4&!)&?864Y8*4)62@!.:'!9)$6*&4'2!9)7'&'5!46!*:42!2*$5;!469%$5'"!Z&8Y4%<!/6548<![8(86<!G)$*:!0=&498<!F64*'5!\46?5)-!865!*:'!F64*'5!G*8*'2@!!.:'!'69%)2'5!-8*'&48%!9)7'&2!*:'!F@G@!()&*4)6!)=!*:'!&'2$%*2!ITK]@!.:'!46*'&68*4)68%!&'2$%*2!8&'!(&'2'6*'5!46!8!2'(8&8*'!&'()&*@!!.:'!-8&?46!)=!28-(%46?!'&&)&!8*!WQ^!9)6=45'69'!=)&!8??&'?8*'!&'2$%*2!42!_`B!J@W!('&9'6*8?'!()46*2@!#)&!*:'!F@G@!2'?-'6*!)=!*:'!2$&7';<!-8&?46!)=!28-(%46?!'&&)&!42!_`B!O@Q!('&9'6*8?'!()46*2@!G8-(%46?!'&&)&!42!%8&?'&!=)&!2$3?&)$(2!)=!*:'!58*8@!02!D4*:!86;!2$&7';<!28-(%46?!'&&)&!42!)6%;!)6'!2)$&9'!)=!()2243%'!'&&)&@!a:4%'!6)6B28-(%46?!'&&)&!9866)*!3'!899$&8*'%;!98%9$%8*'5<!(&'98$*4)68&;!2*'(2!D'&'!*8C'6!46!8%%!(:82'2!)=!*:'!2$&7';!5'24?6<!9)%%'9*4)6!865!(&)9'2246?!)=!*:'!58*8!*)!-464-4Y'!4*2!46=%$'69'@!!,)-(./0!42!&'2()6243%'!=)&!8%%!9)6*'6*!9)6*846'5!46!*:42!2'&4'2@!06;!S$'2*4)62!&'?8&546?!*:'!2*$5;!2:)$%5!3'!54&'9*'5!*)!,)-(./0!H8&C'*!R'2'8&9:!2*8==!8*!&'2'8&9:b9)-(*48@)&?@!!!,)-(./0!42!8!-'-3'&!)=!*:'!H8&C'*46?!R'2'8&9:!022)948*4)6!cHR0d!865!85:'&'2!*)!*:'!HR012!,)5'!)=!H8&C'*!R'2'8&9:!N*:492!865!G*8658&52@!!!
!
&
&
www.comptia.org
RE
SE
AR
CH
INFORMATION SECURITY TRENDS
N I N T H A N N U A L • F E B R U A R Y 2 0 1 2
S E C T I O N 1 : M A R K E T OV E R V I E W
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! J!
/+0&1#(2%)&
!• 02!*'9:6)%)?;!('&-'8*'2!'7'&;!=$69*4)68%!8&'8!)=!8!3$246'22!865!-)&'!2*8==!-'-3'&2!822$-'!
*:'!&)%'!)=!C6)D%'5?'!D)&C'&<!)&?864Y8*4)62!-$2*!9)6*'65!D4*:!6'D!2'9$&4*;!*:&'8*2!865!7$%6'&834%4*4'2@!02!2$9:<!)&?864Y8*4)62!9)6*46$'!*)!&8*'!2'9$&4*;!8!*)(!2*&8*'?49!(&4)&4*;@!,)-(./012!!"#$%&&'()$*&+,-.("/,&$012'-/"3$2*$5;!=)$65!e!46!+U!)&?864Y8*4)62!&8*46?!2'9$&4*;!82!8!:4?:`$(('&!%'7'%!(&4)&4*;<!9)-(8&'5!*)!OW^!46!JU+U@!!
• R'=%'9*46?!9)69'&6!)7'&!'-'&?46?!*:&'8*2<!/67'2*-'6*2!46!2'9$&4*;!(&)5$9*2!&'-8462!2*&)6?@!E8&*6'&!=)&'982*2!?%)38%!2'9$&4*;!2'&749'2!2('6546?!*)!&'89:!fMQ@+!34%%4)6!46!JU++!865!8*!%'82*!fOW@+!34%%4)6!46!JU+Q@!/V,!=)&'982*2!8&'!'7'6!:4?:'&<!D4*:!8!(&)A'9*4)6!)=!D)&%5D45'!2'9$&4*;!2'&749'2!-8&C'*!?&)D*:!)=!+Q^!c,0ERd!)7'&!*:'!JU+U!L!JU+Q!*4-'!('&4)5@!!R'7'6$'2!8&'!'>('9*'5!*)!'>9''5!fMW@Q!34%%4)6!46!JU++<!?&)D46?!*)!8%-)2*!fgM!34%%4)6!3;!JU+Q@ !
!• .:'!9)6*46$'5!=)9$2!)6!46=)&-8*4)6!2'9$&4*;!:82!-'86*!*:8*!4*!42!)6'!)=!*:'!$64S$'!=4'%52!D:'&'!
5'-865!=)&!2C4%%'5!D)&C'&2!'>9''52!2$((%;@!G$&7';2!(&'549*!*:8*!2'9$&4*;!A)32!D4%%!3'!46!5'-865!46!JU+J!865!*:8*!*:'&'!D4%%!3'!8!%89C!)=!2C4%%'5!('&2)66'%!D4*:!2('948%4Y'5!2C4%%2!*)!2*8==!*:'2'!)('646?2@!,)-(./012!!"#$%&&'()$*&+,-.("/,&$012'-/"3!4-1&56!2*$5;!&'46=)&9'2!*:'!54==49$%*;!=89'5!46!:4&46?!2C4%%'5!2'9$&4*;!('&2)66'%<!=46546?!OU^!)=!)&?864Y8*4)62!&'()&*!=8946?!9:8%%'6?'2!46!:4&46?!/.!2'9$&4*;!2('948%42*2@!!&
&
&
&
&
&
&
&
&
&
&
&
&
&
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! M!
1-(#-(%(3,%(#2&524#-6,%(#2&7+.$-(%0!!/6!86!469&'8246?%;!54?4*8%<!46*'&9)66'9*'5!D)&%5<!9;3'&2'9$&4*;!8=='9*2!-)&'!)&?864Y8*4)62!)6!-)&'!%'7'%2!*:86!'7'&!3'=)&'@!02!*'9:6)%)?;!('&-'8*'2!'7'&;!=$69*4)68%!8&'8!)=!8!3$246'22!865!-)&'!2*8==!-'-3'&2!822$-'!*:'!&)%'!)=!C6)D%'5?'!D)&C'&<!)&?864Y8*4)62!-$2*!9)6*'65!D4*:!86!'7'&B2:4=*46?!46=)&-8*4)6!2'9$&4*;!%865298('@!!!0*!*:'!28-'!*4-'<!)&?864Y8*4)62!-$2*!38%869'!*:'!6''5!*)!8%%)D!D)&C'&2!*:'!=&''5)-!*)!%'7'&8?'!*:'!-)2*!()D'&=$%!82('9*2!)=!*'9:6)%)?;<!2$9:!82!-)34%4*;<!46=)&-8*4)6!2:8&46?!865!9)%%83)&8*4)6@!!!a:4%'!-$9:!(&)?&'22!:82!3''6!-85'!)7'&!*:'!;'8&2!46!2'9$&46?!6'*D)&C2!865!46=)&-8*4)6<!:'85%46'B?&83346?!2*)&4'2!)=!-8%494)$2!74&$2'2<!58*8!3&'89:'2<!9&4-'!2;65498*'!9;3'&!8**89C2!)&!%)2*!%8(*)(2!D4*:!*:)$28652!)=!2'624*47'!9$2*)-'&!&'9)&52!2'&7'!82!8!&'-465'&!*:8*!*:'!6'>*!2'9$&4*;!3&'89:!42!6)*!8!-8**'&!)=!h4=i!3$*!hD:'6@i!!!!
!!!!!!!!!!!! !
!"#$%&$'(%)*"+,-.&+/)&*+-0+1*%2*$3)'+4%)-%)5$&+0-%+6786+
!"#$
%&#$
%%#$
%%#$
%%#$
%'#$
(#$
"#$
'#$
'#$
'!#$
&(#$
&"#$
&)#$
&)#$
&%#$
&)#$
&!#$
&)#$
!)#$
&*#$
)*#$
)%#$
)&#$
)&#$
)'#$
)"#$
+*#$
+%#$
(%#$
1-')29+:$*;-%<)=3+,$'>=-9-3)$&++
?(&)=$&&+@=*$99)3$='$++
,$9$'-AA(=)'25-=&++
B)%*(29)C25-=+
D-#)9)*"++
!9-(E+!-A.(5=3++
:$*;-%<+@=0%2&*%('*(%$+
F)&2&*$%+G$'-H$%"+
F2*2+1*-%23$+
!"#$%&$'(%)*"+
,-./$01-21-34$
5-6678$01-21-34$
92:$01-21-34$
1-(%'$I+!-A.,@JK&+!"#$%&&'()$*&+,-.(/,&$012'-3"4$5-1&67$&*(E"+?2&$I+L77+MN1N+@,+2=E+#(&)=$&&+$O$'(5H$&+P2<2+$=E+(&$%&Q+%$&.-=&)#9$+0-%+&$'(%)*"+
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! O!
.:'!58*8!465498*'2!*:'!(&4)&4*4Y8*4)6!)=!2'9$&4*;!42!*&'6546?!$(D8&52!D:'6!9)-(8&'5!*)!=46546?2!=&)-!*:'!(&'74)$2!4*'&8*4)6!)=!*:'!2*$5;!cJU+Ud!D:'&'!OW^!&8*'5!46=)&-8*4)6!2'9$&4*;!82!8!:4?:!`$(('&!%'7'%!(&4)&4*;!9)-(8&'5!*)!*:'!e+^!D:)!&8*'!4*!82!8!:4?:!(&4)&4*;!*)58;@!G4-4%8&!*)!(&'74)$2!;'8&2<!%8&?'&!=4&-2!(%89'!8!:4?:'&!(&4)&4*;!)6!2'9$&4*;!D:'6!9)-(8&'5!*)!2-8%%!)&!-'54$-!24Y'5!=4&-2!82!*:';!-8;!:87'!-)&'!899'22!()46*2!)&!-)&'!2'624*47'!58*8!*)!(&)*'9*@!/6=)&-8*4)6!2'9$&4*;!42!%4C'%;!*)!9)6*46$'!*)!3'!8!*)(!*4'&!8&'8!)=!46*'&'2*!82!465498*'5!3;!*:'!9:8&*!3'%)D@!!!
!!78+29(2:&524#-6,%(#2&7+.$-(%0&
!.:'!)6?)46?!=)9$2!)6!2'9$&4*;!:82!*&862%8*'5!*)!&)3$2*!28%'2!)=!2'9$&4*;!(&)5$9*2!865!2'&749'2@!,)6245'&!*:'!=)%%)D46?"!
• 099)&546?!*)!*:'!&'2'8&9:!=4&-!E8&*6'&<!D)&%5D45'!2'9$&4*;!2)=*D8&'!28%'2!&'89:'5!83)$*!f+g@Q!34%%4)6!46!JU+U<!8!+J^!469&'82'!)7'&!JUUW!&'7'6$'@!.:'!*)(!Q!(%8;'&2!46!*:'!2(89'<!G;-86*'9<!H90=''<!.&'65!H49&)<!/ZH!865!NH,<!899)$6*'5!=)&!OO^!)=!*:42!-8&C'*@!!
• 0554*4)68%%;<!E8&*6'&!=)&'982*2!?%)38%!2'9$&4*;!2'&749'2!2('6546?!*)!&'89:!fMQ@+!34%%4)6!46!JU++!865!8*!%'82*!fOW@+!34%%4)6!3;!JU+Q@!.:'!T)&*:!0-'&4986!&'?4)6!42!*:'!%8&?'2*!-8&C'*!865!42!'2*4-8*'5!*)!&'89:!f+W!34%%4)6!3;!JU+Q@!
!"#$%&"'()*+,#%-.(,/$%$"%0,,(%1"/2#%"*%3,/24+$5%67,4%$8,%9,.$%:%;,)4#%
!"#
!$"#
%&"#
''"#
!"#
!("#
%!"#
'!"#
!"<,4)$,=5%"4%3+>*+?/)*$=5%@"A,4%B4+"4+$5%
9"%&8)*>,%
!"<,4)$,=5%C+>8,4%B4+"4+$5%
3+>*+?/)*$=5%C+>8,4%B4+"4+$5%
:%;,)4#%D4"'%9"A%1"4,/)#$%
&"'()4,<%$"%:%;,)4#%E>"%
3"24/,F%&"'(GHEI#%!"#$%&&'()$*&+,-.(/,&$012'-3"4$5-1&67$#$2<5%J)#,F%KLL%MN3N%HG%)*<%O2#+*,##%,.,/2P7,#%Q)R)%,*<%2#,4#S%4,#("*#+O=,%D"4%#,/24+$5%
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! Q!
• /V,!=)&'982*2!8&'!2%4?:*%;!:4?:'&<!2:)D46?!D)&%5D45'!2'9$&4*;!2'&749'2!8*!+Q^!&8*'!c,0ERd!5$&46?!*:'!JU+U!L!JU+Q!*4-'!('&4)5@!R'7'6$'2!8&'!'>('9*'5!*)!'>9''5!fMW@Q!34%%4)6!46!JU++<!?&)D46?!*)!8%-)2*!fgM!34%%4)6!3;!JU+Q@!
• #)&!*:'!6'*D)&C!9)-()6'6*!)=!*:'!2'9$&4*;!-8&C'*<!9)6242*46?!)=!:8&5D8&'!865!2)=*D8&'!D4*:!=$69*4)68%4*;!*:8*!469%$5'2!=4&'D8%%2<!jPT2<!46*&$24)6!(&'7'6*4)6!865!5'*'9*4)6<!865!-$%*4B($&()2'!2'9$&4*;<!/V,!&'()&*'5!&'7'6$'!*)*8%2!)=!fX@J!34%%4)6!46!JU++<!$(!)7'&!X^!=&)-!*:'!(&'74)$2!;'8&@!.:'!=)&'982*!86*494(8*'2!2)=*D8&'!?&)D46?!8*!8!=82*'&!&8*'!*:86!:8&5D8&'<!D4*:!2)=*D8&'B382'5!2)%$*4)62!-8C46?!$(!)7'&!Jg^!)=!*:'!-8&C'*!3;!JU+O@!!
• /6=)6'*492!'>('9*2!*:'!-868?'5!2'9$&4*;!2'&749'2!-8&C'*!*)!?&)D!83)$*!+M^!46!JU++<!865!=)&'982*2!&'7'6$'2!*)!&'89:!f+g@X!34%%4)6!46!JU+Q<!D4*:!*:'!2*&)6?'2*!?&)D*:!9)-46?!=&)-!*:'!G88G!c2'9$&4*;B82B8B2'&749'd!2'?-'6*@!/6=)6'*492!8%2)!'>('9*2!*:'!G88G!2'?-'6*!)=!*:'!-8&C'*!*)!-)&'!*:86!5)$3%'!3'*D''6!JU++!865!JU+Q@!!
• I*:'&!'-'&?46?!?&)D*:!8&'82!469%$5'!2'9$&4*;!=)&!9%)$5!9)-($*46?!865!74&*$8%4Y'5!'674&)6-'6*2<!-)34%'!5'749'2<!&'-)*'!D)&C'&!2'9$&4*;!865!2)948%!6'*D)&C46?!2'9$&4*;@!!
!,)-(./012!!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56&G*$5;!=)$65!*:8*!=)$&!)$*!)=!=47'!9)-(864'2!'>('9*!*)!469&'82'!*:'4&!3$5?'*2!=)&!46=)&-8*4)6!*'9:6)%)?;@!E8&*6'&!'2*4-8*'2!*:8*!3$246'22'2!2('65!)6!87'&8?'!Q^!)=!*:'4&!/.!3$5?'*!)6!2'9$&4*;@!.:'!G*&8*'?49!G'9$&4*;!G$&7';!9)65$9*'5!3;!/6=)&-8*4)6!a''C!068%;*492!=)$65!*:8*!24-4%8&!*)!*:'!(&'74)$2!;'8&!8((&)>4-8*'%;!+!46!O!=4&-2!2('65!+U^!)&!-)&'!)=!*:'4&!/.!3$5?'*!)6!2'9$&4*;@!!&
&
;(2,2.(,<&=#)%&=0"+-)+.$-(%0&=-(6+&
!#&)-!86!RI/!('&2('9*47'<!*:'!&'2)$&9'2!5'7)*'5!*)!2'9$&4*;!2''-!A$2*4=4'5@!0!JU++!T)&*)6!,;3'&9&4-'!R'()&*!($*!*:'!9)2*!)=!9;3'&9&4-'!8*!f++O!34%%4)6!866$8%%;@!/=!%)2*!*4-'!42!=89*)&'5!46<!*:'!*)*8%!9)2*!42!'2*4-8*'5!*)!3'!fMXX!34%%4)6@!06)*:'&!2*$5;!3;!kP<!*:'!G'9)65!066$8%!,)2*!)=!,;3'&!,&4-'!G*$5;<!'2*4-8*'5!*:8*!*:'!-'5486!866$8%4Y'5!9)2*!)=!9;3'&9&4-'!469$&&'5!3;!8!3'69:-8&C!28-(%'!)=!)&?864Y8*4)62!D82!fQ@W!-4%%4)6!('&!;'8&<!D4*:!8!&86?'!)=!f+@Q!-4%%4)6!*)!fMg@Q!-4%%4)6!'89:!;'8&!('&!)&?864Y8*4)6<!86!469&'82'!)=!Qg^!=&)-!58*8!($3%42:'5!46
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! g!
=0"+-)+.$-(%0&,29&%'+&5>&?#-@4#-.+&
!.:'!9)6*46$'5!=)9$2!)6!46=)&-8*4)6!2'9$&4*;!:82!-'86*!*:8*!4*!42!)6'!)=!*:'!$64S$'!=4'%52!D:'&'!5'-865!'>9''52!2$((%;@!.:'!A)3!3)8&5!V49'@9)-!2:)D2!8!eW^!469&'82'!46!*:'!*)*8%!6$-3'&!)=!46=)&-8*4)6!2'9$&4*;!A)32!()2*'5!)6!*:'!24*'!=&)-!G'(*'-3'&!JUUW!*)!G'(*'-3'&!JU++@!.:'!Z$&'8$!)=!K83)&!G*8*42*492!462*4*$*'5!*:'!98*'?)&;!)=!46=)&-8*4)6!2'9$&4*;!868%;2*!46!JU++!865!*:'!6$-3'&!)=!*:)2'!D:)!9)6245'&!*:'-2'%7'2!46=)&-8*4)6!2'9$&4*;!868%;2*2!2*))5!8*!OM<UUU!=)&!*:'!('&4)5!0(&4%B[$6'!JU++@!.:42!&'(&'2'6*2!86!469&'82'!)=!+g^!)7'&!*:'!(&'74)$2!S$8&*'&@!V8*8!=&)-!*:'!ZKG!8%2)!6)*'5!*:8*!*:'!$6'-(%);-'6*!&8*'!D82!U^!=)&!*:)2'!'-(%);'5!46!*:42!98*'?)&;@!!!.)!($*!*:'!7'&;!%)D!$6'-(%);-'6*!8-)6?!46=)&-8*4)6!2'9$&4*;!868%;2*2!46!('&2('9*47'<!ZKG!58*8!($*2!*:'!$6'-(%);-'6*!&8*'!=)&!*:'!)7'&8%%!/.!)99$(8*4)6!98*'?)&;!8*!2%4?:*%;!$65'&!O^<!865!*:'!)7'&8%%!'9)6)-;!8*!X@Q^@!!0!2$&7';!9)65$9*'5!3;!*:'!2*8==46?!8?'69;!R)3'&*!k8%=!.'9:6)%)?;!(&'549*'5!*:8*!2'9$&4*;!A)32!D)$%5!3'!46!5'-865!46!JU+J@!.:'!2$&7';!8%2)!6)*'5!*:'!%89C!)=!2C4%%'5!('&2)66'%!D4*:!2('948%4Y'5!2C4%%2!*)!2*8==!*:'2'!)('646?2@!!.:'!4-()&*869'!)=!7'&4=483%'!C6)D%'5?'!42!:4?:%4?:*'5!3;!*:'!469&'8246?!5'-865!=)&!9'&*4=498*4)62!2$9:!82!,/GGP!865!,)-(./0!G'9$&4*;_@!!
,)-(./012!!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56!2*$5;!9)6=4&-2!*:'!54==49$%*;!=89'5!46!:4&46?!2C4%%'5!2'9$&4*;!('&2)66'%@!#)&*;!('&9'6*!)=!)&?864Y8*4)62!&'()&*!=8946?!9:8%%'6?'2!46!:4&46?!/.!2'9$&4*;!2('948%42*2@!
!
!
!
!
!
!
!
!
!
!"!#$!%&!'()*$#+*,-$.!/012(#2$32!45*662$)2.!#$!7#$8#$)!49:2(.23;(#<9!=123#*6#.<.!
!"#$
%&#$%'#$
()*$+,,-./01-2$$
()$ 324$$
=-;(32>!4-?1@ABC.!!"#$%&&'()$*&+,-.(/,&$012'-3"4$5-1&67$.<;89!D*.2>!E&&!FG=G!A@!*$8!:;.#$2..!2023;,H2.!I*J*!2$8!;.2(.K!(2.1-$.#:62!L-(!.23;(#<9!
526722$)8$9:0--2;62$1<$=.7>$?.@2$$M"N !=?*66!7#(?.!
"ON !P28#;?!7#(?.!
MQN !R*()2!7#(?.!
www.comptia.org
RE
SE
AR
CH
INFORMATION SECURITY TRENDS
N I N T H A N N U A L • F E B R U A R Y 2 0 1 2
S E C T I O N 2 : T H E S E C U R I T Y L A N D S C A P E -T H R E AT S A N D C H A L L E N G E S
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! e!
/+0&1#(2%)!!
B /6!JU++<!M!46!O!)&?864Y8*4)62!&'()&*'5!=4&2*:865!'>('&4'69'!D4*:!8!2'9$&4*;!46945'6*<!8!2%4?:*!469&'82'!)7'&!*:'!JU+U!&8*'<!899)&546?!*)!,)-(./0!58*8@!I6!87'&8?'<!)&?864Y8*4)62!&'()&*'5!e!46945'6*2<!D4*:!83)$*!:8%=!3'46?!9%8224=4'5!82!2'&4)$2@!/*12!6)*!A$2*!*:'!C6)D6!46945'6*2!D:49:!9)69'&6!9)-(864'2!*:)$?:<!3$*!469&'8246?%;!*:'!h$6C6)D62i!L!*:'!$65'*'9*'5!3&'89:'2!)&!7$%6'&834%4*4'2!*:8*!D4%%!46'74*83%;!98$2'!:8&-@!G'7'6*;B*:&''!('&9'6*!)=!)&?864Y8*4)62!&'()&*'5!5'=464*'%;!)&!(&)383%;!'>('&4'6946?!86!$65'*'9*'5!2'9$&4*;!3&'89:@!
!B .:'!8%%!'69)-(82246?!9;3'&2'9$&4*;!*:&'8*!C6)D6!82!-8%D8&'!*)(2!*:'!%42*!)=!9)69'&62!8-)6?!/.!
865!3$246'22!'>'9$*47'2!467)%7'5!D4*:!2'9$&4*;@!H8%D8&'!5422'-468*)&2!9)6*46$'!*)!&'%;!)6!8!78&4'*;!)=!*89*492!*)!384*!*:'4&!749*4-2<!2$9:!82!'-84%2<!D'324*'2!)&!*'>*2!D4*:!(&)-42'2!)=!9'%'3&4*;!(:)*)2!)&!745')@!G(8-!=4%*'&2<!86*474&$2!2)=*D8&'!865!'65!$2'&!*&84646?!?)'2!8!%)6?!D8;!*)D8&52!-464-4Y46?!*:42!&42C<!3$*!$6=)&*$68*'%;<!*:'2'!2''-46?%;!)374)$2!(%);2!268&'!'6)$?:!749*4-2!*)!C''(!*:'-!46!$2'@!/6!8554*4)6!*)!-8%D8&'<!)&?864Y8*4)62!'>(&'22'5!9)69'&6!D4*:!:89C46?!c'@?@!V)G!8**89Cd<!58*8!%)22!)&!%'8C8?'<!2)948%!'6?46''&46?!c'@?@!(:42:46?d!865!7$%6'&834%4*4'2!46!'-'&?46?!8&'82!c'@?@!9%)$5!9)-($*46?d@!
!B k$-86!'&&)&!9)6*46$'2!*)!3'!8!24?64=4986*!=89*)&!46!2'9$&4*;!3&'8C5)D62@!0!6'*!QM^!)=!/.!865!
3$246'22!'>'9$*47'2!28;!:$-86!'&&)&!42!-)&'!)=!8!=89*)&!*)58;!9)-(8&'5!*)!*D)!;'8&2!8?)!72@!JO^!*:8*!28;!*'9:6)%)?;!2:)&*9)-46?2!8&'!-)&'!)=!8!9)6*&43$*46?!=89*)&!*)58;@!R'2()65'6*2!46!*:42!2*$5;!(46!*:'!-)2*!3%8-'!)6!'65!$2'&21!=84%$&'!*)!9)-(%;!D4*:!*:'!9)&()&8*'!2'9$&4*;!()%49;@!I*:'&!=89*)&2!*:)$?:!=8%%!-)&'!)6!*:'!2:)$%5'&2!)=!*:'!/.!2*8==!&'2()6243%'!=)&!28='?$8&546?!*:'!)&?864Y8*4)6!L!6'8&%;!:8%=!)=!&'2()65'6*2!94*'!%89C!)=!'>('&*42'!46!2'9$&46?!D'324*'2!865!8((%498*4)62!82!8!:$-86!'&&)&!465$9'5!2)$&9'5!)=!3&'89:'2@!!
!&
&
&
&
&
&
&
&
&
&
&
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! X!
AB+-B(+C&7+.$-(%0&>'-+,%)&,29&=#2.+-2)&
!02!6)*'5!46!012"/,&$7!)=!*:42!(8('&<!9;3'&2'9$&4*;!&8*'2!82!8!*)(!(&4)&4*;!=)&!)&?864Y8*4)62!)=!8%%!24Y'2@!/*!42!6)*!:8&5!*)!$65'&2*865!D:;!L!2'9$&4*;!46945'6*2!9)2*!9)-(864'2!&'8%!-)6';@!!!/6!JU++<!M!46!O!)&?864Y8*4)62!&'()&*'5!=4&2*:865!'>('&4'69'!D4*:!8!2'9$&4*;!46945'6*<!8!2%4?:*!469&'82'!)7'&!*:'!JU+U!&8*'<!899)&546?!*)!,)-(./0!58*8@!a:4%'!='D!46945'6*2!&478%!*:'!298%'!)=!8!G)6;!3&'89:!cee!-4%%4)6!9)-(&)-42'5!9$2*)-'&!&'9)&52d<!'7'6!8!&'%8*47'%;!-46)&!2'9$&4*;!3&'89:!-8;!%'85!*)!24Y83%'!9)2*2<!'2('948%%;!4=!4*!-'862!&'(84&46?!8!58-8?'5!3&865!865!:8746?!*)!D46!389C!9$2*)-'&2@!!/*12!6)*!A$2*!*:'!C6)D6!46945'6*2!D:49:!9)69'&6!9)-(864'2!*:)$?:<!3$*!469&'8246?%;!*:'!h$6C6)D62i!L!*:'!$65'*'9*'5!3&'89:'2!)&!7$%6'&834%4*4'2!*:8*!46'74*83%;!98$2'!:8&-@!Z$246'22'2!5'*'2*!$69'&*846*;!865!2'9$&4*;!&'(&'2'6*2!8!78&483%'!*:8*!986!3'!-868?'5<!3$*!6'7'&!=$%%;!9)6*&)%%'5@!,)62'S$'6*%;<!/.!865!3$246'22!'>'9$*47'2!=89'!*)$?:!5'9424)62!46!5'*'&-4646?!*:'!)(*4-8%!8%%)98*4)6!)=!&'2)$&9'2!*)!467'2*!46!2'9$&4*;!5'='62'2@!G4-4%8&!*)!($&9:8246?!=4&'!462$&869'<!*))!%4**%'!986!3'!98*82*&)(:49<!D:4%'!*))!-$9:!986!3'!8!())&!$2'!)=!&'2)$&9'2@!#)&!2)-'!)&?864Y8*4)62<!4*!-8;!3'!9)-(%'*'%;!&8*4)68%!*)!467'2*!46!2'9$&4*;!5'='62'2!8*!)6'!%'7'%<!865!;'*<!468((&)(&48*'!=)&!)*:'&!)&?864Y8*4)62!D4*:!8!54=='&'6*!&42C!(&)=4%'@!!!!
!! !
!"#$%&"'("#&')*+,&#-'."/0,%&1'23/%4"3&#'5"6078,71'
9//0,'8&':+#&'9,683%;8<+3#'
!"#$%&'$()%*+,$-./+0$%1+23.4"&-1+5%.&63%-*7+84-+9)-+:;;<+
=>?+
@A?+
=B?+
C3*7+D3E%&-3;1+
F&G3;&/))6+)H+IJK3"&3%.&%#+$%+L%63-3.-36+23.4"&-1+5%.&63%-+
9)+C3*7+M")N$N;1+
BO?+ ='+>'+,683%;8<+3#'&?8&',"$+,&'"@$",%"3/%36'8'
#"/0,%&1'%3/%4"3&'%3'ABCC''
B+ :"83'D'+>'%3/%4"3&#'"@$",%"3/"4'
P+ :"4%83'D'+>'%3/%4"3&#'"@$",%"3/"4'
EF+36'+,683%;8<+3#'"@$",%"3/%36'8'#"/0,%&1'%3/%4"3&'%3'ABCC-'+3'8G",86"-'!"#'+>'&?"'%3/%4"3&#-'+,'8H+0&'?87>'+>'&?"'%3/%4"3&#'"@$",%"3/"4-'I","'/78##%J"4'8#'$%&'()$K'''
.+0,/"L'M+F$N2EO#!"#$!%&&'()!*+,'-.#/!0-+&12!#&041'(8#"L'PBB'QK.K'2N'+,'(0#%3"##'"@"/0<G"#'R8S8'"34'0#",#T'
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! W!
a:4%'!2'9$&4*;!9)69'&62!C''(!-86;!'>'9$*47'2!$(!8*!64?:*<!4*12!D)&*:!C''(46?!46!-465!*:8*!4*!42!6)*!8%%!385!6'D2@!/-(&)7'-'6*2!46!*'9:6)%)?;<!()%49;!865!*&84646?!:87'!%'5!*)!='D'&!7$%6'&834%4*4'2!865!3'**'&!2'9$&4*;!5'='62'2@!.:'!2'9$&4*;!7'65)&!G;-86*'9!&'9'6*%;!&'()&*'5!*:8*!4*!'>('9*2!*)!2''!8!MU^!5&)(!46!*:'!*)*8%!6$-3'&!)=!2)=*D8&'!7$%6'&834%4*4'2!5429%)2'5!*)!*:'!($3%49!5$&46?!JU++@!E&'8*'&!'-(:8242!)6!2'9$&4*;!8-)6?!8!6$-3'&!)=!)('&8*46?!2;2*'-2!865!(%8*=)&-2<!2$9:!82!H49&)2)=*!865!05)3'<!8%)6?!D4*:!3'**'&!9;3'&!'6=)&9'-'6*!:82!9)6*&43$*'5!*)!*:42!4-(&)7'-'6*@!!!N7'6!D4*:!*:'2'!469&'-'6*8%!4-(&)7'-'6*2<!*:'!2'9$&4*;!8&-2!&89'!9)6*46$'2@!02!8!&'2$%*<!*:'!782*!-8A)&4*;!)=!/.!865!3$246'22!'>'9$*47'2!cXM^d!3'%4'7'!*:'!2'9$&4*;!*:&'8*!%'7'%!42!)6!*:'!&42'@!,)-(./0!58*8!2$??'2*2!*:'&'!42!6)!246?%'!)7'&&4546?!=89*)&<!3$*!&8*:'&!8!9)-3468*4)6!)=!'%'-'6*2!*:8*!'89:!9:4(!8D8;!8*!46=)&-8*4)6!28='*;!865!2'9$&4*;!5'='62'2!46!2)-'!D8;@!!!
!!! !
!"#$%&'()*+%",')-"."/)0"&1+2)34)5%1,4&6,7342)
!"#
$%"#
&'"#
!("#
%"#
!)"#
&*"#
%+"#
8"#%",2&41)93:"%,'"/()3%)2&14&;#,4'/()
<3)#+,41")&4)2"#$%&'()'+%",')/"."/)
=4#%",2&41)93:"%,'"/()
*+%",')/"."/)&4#%",2&41)2&14&;#,4'/()
%'!!#
%'!'#
!3$%#">)?39@*=AB2!"#$!%&&'()!*+,'-.#/!0-+&12!2'$:()C,2">)DEE)FG!G)=*)3%)C$2&4"22)"H"#$7."2)I,J,)"4:)$2"%2K)
L"%#"@7342)3M)#+,41")&4)2"#$%&'()'+%",')/"."/>)NEOO).2G)NEOE)
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +U!
.:'!8%%B'69)-(82246?!2'9$&4*;!*:&'8*!C6)D6!82!-8%D8&'!*)(2!*:'!%42*!)=!9)69'&62!8-)6?!)&?864Y8*4)62!c2''!9:8&*!3'%)Dd@!E47'6!*:'!2:''&!7)%$-'!)=!C6)D6!-8%D8&'<!2$9:!82!74&$2'2<!.&)A862<!2(;D8&'<!85D8&'<!D)&-2!865!3)*6'*2<!'2*4-8*'5!3;!P8658K832!*)!'>9''5!eM<UUU!6'D!2*&8462!9&'8*'5!584%;!46!JU++<!*:'!6$-3'&!)=!2'9$&4*;!3&'89:'2!9)$%5!9'&*846%;!3'!8!%)*!D)&2'@!.:'!'9)6)-492!2*4%%!=87)&!*:42!h-822!-8&C'*i!8((&)89:@!a4*:!&'%8*47'%;!%)D!9)2*2!*)!9&'8*'!-8%D8&'<!9)-346'5!D4*:!%)D!542*&43$*4)6!9)2*2<!4*!)6%;!*8C'2!8!='D!749*4-2!*)!-8C'!8!-8%D8&'!7'6*$&'!(&)=4*83%'@!T'8&%;!:8%=!)=!&'2()65'6*2!46!*:42!2*$5;!7)49'!9)69'&6!)7'&!899'2243%'<!'82;!*)!$2'!-8%D8&'!865!:89C46?!*))%2!*:8*!)('6!*:'!5))&!*)!9&4-468%!3':874)&!8-)6?!8!-$9:!%8&?'&!())%!)=!4654745$8%2@!!!099)&546?!*)!P8658K832<!eQ^!)=!6'D!-8%D8&'!2*&8462!46!JU++!D'&'!.&)A862!L!9)5'!5'24?6'5!*)!:45'!)6!8!$2'&12!9)-($*'&!)&!-)34%'!5'749'!865!*&862-4*!46=)&-8*4)6<!2$9:!82!8!9&'54*!98&5!6$-3'&<!389C!*)!4*2!)&4?468*)&2@!#)%%)D46?!.&)A862!46!*'&-2!)=!=&'S$'69;!D'&'!74&$2'2<!D)&-2<!85D8&'!865!*:'6!8!='D!)*:'&!-46)&!98*'?)&4'2@!!
!!! !
!""#""$%&'()#'*+,#-"#./-$(+'01%2".13#'!"#$%&'()*+,#"%,) *-.,/")&,)0%",1)
!"#$%&'()0-%".'2)3+1"%.'")*+,#"%,)
!"%&+$2)*+,#"%,)
4+)*-.,/")5)6"22)*%&7#.8)
0+1.()
3+%"))*%&7#.8))0+1.()
41561-#'7#8&8'9$-/"#":'6;-<":'(-;=1%":',;(%#(":'#(.8>' ??@' AB@' CD@' AD@'
E1.F$%&'7#8&8'G;H'1I1.F:'!JK:'#(.8>' ?B@' BL@' CM@' BN@'
G1(1'5;""O5#1F1&#' ?C@' BC@' B?@' CL@'P%2#-"(1%2$%&'"#./-$(+'-$"F"';Q'#<#-&$%&'1-#1":'$8#8'.5;/2:'<;,$5#:'";.$15' CM@' BR@' CB@' BB@'
H;.$15'#%&$%##-$%&OJ)$")$%&' CR@' CA@' CS@' BR@'
T%(#%U;%15'1,/"#',+'$%"$2#-":'$8#8'"(1V:'.;%(-1.(;-"' ?N@' CM@' AM@' ?S@'
J)+"$.15'"#./-$(+'()-#1("'7#8&8'()#W';Q'1'2#9$.#>' CR@' ?S@' AC@' ?A@'01.F'O'$%12#X/1(#'#%Q;-.#<#%(';Q'.;<31%+'"#./-$(+'3;5$.+' CB@' ?B@' AN@' ?M@'
01.F';Q',/2&#(O"/33;-('Q;-'$%9#"U%&'$%'"#./-$(+' CM@' ??@' A?@' ?L@'
E/<1%'#--;-'1<;%&'#%2Y/"#-"' BB@' ?M@' AN@' ?M@'
E/<1%'#--;-'1<;%&'TK'"(1V' CR@' ?R@' LM@' MN@'
H;/-.#Z'*;<3KT!["!"#$!%&&'()!*+,'-.#/!0-+&12!"(/2+'\1"#Z'BDD'P8H8'TK';-'\/"$%#""'#]#./U9#"'71F1'#%2'/"#-">'
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! ++!
H8%D8&'!5422'-468*)&2!9)6*46$'!*)!&'%;!)6!8!78&4'*;!)=!*89*492!*)!384*!*:'4&!749*4-2<!2$9:!82!'-84%2<!D'324*'2!)&!*'>*2!D4*:!(&)-42'2!)=!9'%'3&4*;!(:)*)2!)&!745')@!099)&546?!*)!H90=''<!*:'!=)&-'&!-)5'%!k'454!\%$-!&86C'5!82!*:'!-)2*!586?'&)$2!9'%'3&4*;!46!JU++@!G'8&9:'2!=)&!\%$-!&'2$%*'5!46!8!+!46!+U!9:869'!)=!%86546?!)6!8!-8%494)$2!24*'@!I*:'&!6)*83%'!'7'6*2!46!JU++<!2$9:!82!I28-8!Z46!K85'612!5'8*:<!*:'!R);8%!D'5546?!865!*:'
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +J!
=#2%-("$%(2:&;,.%#-)!!G'7'&8%!-89&)!*&'652!(&)745'!9)6*'>*!*)!*:'!9$&&'6*!865!5'7'%)(46?!2'9$&4*;!%865298('@!,429)!'2*4-8*'2!*:8*!3;!JUJU!*:'&'!D4%%!3'!QU!34%%4)6!h*:46?2i!9)66'9*'5!748!*:'!/6*'&6'*@!/ZH!3%)D2!*:42!=)&'982*!8D8;!3;!(&)A'9*46?!+!*&4%%4)6!/6*'&6'*!9)66'9*'5!5'749'2!3;!JU+Q@!.:'2'!(&)?6)2*498*)&2!'>('9*!86!'>(%)24)6!)=!9)66'9*474*;!8-)6?!*:'!D87'2!)=!h*:46?2i!2$9:!82!7':49%'2<!8((%4869'2<!-89:46'&;<!3$4%546?2!865!)*:'&!2*&$9*$&'2<!-8*'&48%2<!865!'7'6!(')(%'!*:8*!D4%%!'7'6*$8%%;!9)6*846!-49&)9:4(2!865!/P!855&'22'2@!a4*:!'89:!*)$9:!()46*!9)-'2!*:'!()*'6*48%!=)&!6'D!2'9$&4*;!7$%6'&834%4*4'2@!,)-(8&'5!*)!*:'!JU+U!,)-(./0!2*$5;<!&'2()65'6*2!*:42!;'8&!'>(&'22!-)&'!9)69'&6!)7'&!*:'!?&)D46?!46*'&9)66'9*474*;!)=!5'749'2!865!2;2*'-2@!!06)*:'&!-89&)!*&'65!*:8*!9)6*46$'2!*)!899'%'&8*'!42!*:'!5''('646?!&'%4869'!)6!*:'!D'3@!G)=*D8&'B82B8B2'&749'!cG88Gd<!86!'%'-'6*!)=!9%)$5!9)-($*46?<!42!6)D!*:'!5'!=89*)!2*8658&5!=)&!-86;!8((%498*4)62@!,)-(./012!JU++!;),'5$;,.>'"/&:!2*$5;!2:)D2!'7'&!?&'8*'&!6$-3'&2!)=!)&?864Y8*4)62!-)746?!)6B(&'-42'!/.!46=&82*&$9*$&'!*)!*:'!9%)$5@!a4*:!2-8&*(:)6'!85)(*4)6!&8*'2!8((&)89:46?!QU^<!8%)6?!D4*:!*:'!'>(%)247'!?&)D*:!)=!*83%'*2<!*:'!-)34%'!D'3!:82!3'9)-'!('&78247'@!,)-346'5<!*:42!&'%4869'!)6!*:'!D'3!&'S$4&'2!54=='&'6*!2'9$&4*;!2*&8*'?4'2!*:86!*:'!)6!(&'-42'!-)5'%2!)=!)%5@!!!#)&!GHZ2!'2('948%%;<!$246?!)$*58*'5!2)=*D8&'!42!8!34?!422$'@!#)&!'>8-(%'<!5'2(4*'!H49&)2)=*12!3'2*!'==)&*2!*:'&'!8&'!2*4%%!$2'&2!*:8*!9%46?!*)!*:'!+UB;'8&B)%5!/Ng!D'3!3&)D2'&@!Z'98$2'!)=!%89C!)=!/.!2)(:42*498*4)6<!GHZ2!-8;!8%2)!8%%)D!2)=*D8&'!%49'62'2!*)!%8(2'!D4*:!*:'!46*'6*!)=!28746?!8!='D!5)%%8&2@!06;!-46)&!2:)&*!*'&-!?8462!9)$%5!3'!S$49C%;!)==2'*!3;!8!2'9$&4*;!46945'6*!5$'!*)!6)*!:8746?!899'22!*)!(8*9:'2!865!)*:'&!2)=*D8&'!$(58*'2@!!!
!"#$%&'()&*+*,-(./01&'1#2&*$/(.%,#1&,'(
3%2(.%56789:'!"#$!%&&'()!*+,'-.#/!0-+&12!'$2;/(<"'14(=>>(?@3@(87(%&(<2'*,1''(1A1#2B+1'(C"D"(1,;(2'1&'E(
!" #$%&'(%)"
=FG( H&1"$1&(*,$1&#%,,1#B+*$/(%I(;1+*#1'J('/'$15'J(2'1&'(
=>G( K%&1(&1L*",#1(%,(8,$1&,1$M0"'1;("66L*#"B%,'J(*@1@(#L%2;(#%562B,-J('%NO"&1M"'M"M'1&+*#1(
PQG( H&%O*,-(#&*5*,"L*R"B%,(",;(%&-",*R"B%,(%I(S"#D1&'(5%B+"$1;(0/(T,",#*"L(-"*,(
PUG( H&1"$1&("+"*L"0*L*$/(%I(1"'/M$%M2'1(S"#D*,-($%%L'J("LL%O*,-(1"'*1&(1,$&1(*,$%(S"#D*,-(
PVG( W*'1(%I('%#*"L(,1$O%&D*,-(
PVG( 3%6S*'B#"B%,(%I('1#2&*$/($S&1"$'(1A#11;*,-(87('$"XY'(1A61&B'1($%($SO"&$($S15(
Z[G( \%L251(%I('1#2&*$/($S&1"$'(1A#11;*,-(#"6"#*$/($%($SO"&$($S15(
Z[G( .%,'251&*R"B%,(%I(87(](-&1"$1&(2'1(%I(#%,'251&M%&*1,$1;(;1+*#1'(%&("66L*#"B%,'(
ZVG( .S"LL1,-1'(*,(T,;*,-(%&($&"*,*,-(156L%/11'(O*$S('1#2&*$/(1A61&B'1(
ZZG( .%,B,21;(2'1(%I(L1-"#/(%61&"B,-('/'$15'J(O10(0&%O'1&'J(1$#@(
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +M!
F$6,2&M--#-&,29&5%)&568,.%&524#-6,%(#2&7+.$-(%0!!a:'6!82C'5!*)!8224?6!&'2()62434%4*;!=)&!&'9'6*!2'9$&4*;!46945'6*2<!QJ^!)=!&'2()65'6*2!46!*:42!2*$5;!8%%)98*'5!3%8-'!*)!:$-86!'&&)&!c5)D6!2%4?:*%;!=&)-!QW^!46!JU+Ud!865!OX^!8%%)98*'5!3%8-'!*)!8!*'9:6)%)?;!2:)&*9)-46?@!I374)$2%;<!*:'&'!42!8!-$&C;!-455%'!8&'8!D:'&'!:$-86!'&&)&!865!*'9:6)%)?;!'&&)&!46*'&2'9*<!-8C46?!4*!54==49$%*!*)!899$&8*'%;!8224?6!3%8-'@!#)&!'>8-(%'<!4=!8!2'9$&4*;!8((%498*4)6!)&!8((%4869'!(&)7'2!54==49$%*!*)!$2'<!42!4*!*:'!=8$%*!)=!*:'!*'9:6)%)?;!7'65)&!=)&!86!)7'&%;!9)-(%'>!5'24?6!)&!*:'!=8$%*!)=!/.!2*8==!=)&!6)*!5'7)*46?!'6)$?:!*4-'!*)!=4?$&46?!)$*!:)D!*)!$2'!4*!(&)('&%;l!P&)383%;!2)-'!)=!3)*:@!!0!6'*!QM^!)=!/.!865!3$246'22!'>'9$*47'2!28;!:$-86!'&&)&!42!-)&'!)=!8!=89*)&!*)58;!9)-(8&'5!*)!*D)!;'8&2!8?)!72@!JO^!*:8*!28;!*'9:6)%)?;!2:)&*9)-46?2!8&'!-)&'!)=!8!9)6*&43$*46?!=89*)&!*)58;@!!!R'%8*47'!*)!)*:'&!2'9$&4*;!9)69'&62!c2''!9:8&*!)6!(8?'!+Ud<!:$-86!'&&)&!&86C2!82!8!%'22'&!9)69'&6@!03)$*!+!46!M!&8*'!'65!$2'&!'&&)&!82!8!2'&4)$2!9)69'&6!9)-(8&'5!*)!gQ^!&8*46?!-8%D8&'!8!2'&4)$2!9)69'&6@!R'8546?!3'*D''6!*:'!%46'2!*:)$?:!&'7'8%2!86!'%'-'6*!)=!:$-86!'&&)&!46!A$2*!83)$*!'7'&;!*:&'8*@!,)69'&6!)7'&!2)948%!'6?46''&46?<!469&'8246?%;!2)(:42*498*'5!9;3'&8**89C2<!865!C''(46?!$(!D4*:!'-'&?46?!8&'82!2$9:!82!*:'!9%)$5!)&!-)34%4*;<!8%%!467)%7'!'-(%);''2!865!*:'!5'9424)62!*:';!-8C'@!!!/.!2)%$*4)6!(&)745'&2!865!2'9$&4*;!7'65)&2!2'%%46?!)6%;!*'9:6)%)?;!5)!9$2*)-'&2!8!5422'&749'@!a4*:)$*!*&$%;!=89*)&46?!46!*:'!:$-86!9)-()6'6*<!2'9$&4*;!5'='62'2!D4%%!8%D8;2!3'!4685'S$8*'@!! !
!"#$%&#$
'(#$"#$
!)#$
!"#$%&'(()(&*)%+%",-&.)&/,&$&012%134$%.&5$4.)(&1%&0,4"(1.6&7(,$89):%-&*+,-.$/0010$23451.46783$910$
:86;<=8>$?103$:3@+06=>$A.@6B3.=4$
C3@<.181;>$4<10=@1,6.;4$,103$19$-$9-@=10$
D.BE$*+,-.$/0010$A.@03-46.;8>$-$F-@=10$6.$:3@+06=>$A.@6B3.=4$
*+,-.$30010$,103$19$-$9-@=10$
G1$$@<-.;3$6.$-881@-H1.$$0)"(4,;&*)#<=>?@-!"#$!%&&'()!*&+,-.(/,&!012'-3#4!5-1&67!-."96&
7$-,;&ABB&CD0D&>=&)(&7"-1%,--&,E,4"+F,-&G$8$&,%9&"-,(-H&
&(#$
)%#$
012%134$%.I6&#)(,&
J)9,($.,I6&#)(,&
C3@<.181;>$:<10=@1,6.;4$
*+,-.$/0010$
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +O!
k$-86!'&&)&!986!*;(498%%;!3'!54745'5!46*)!*D)!(&4-8&;!98*'?)&4'2"!+d!#84%$&'!*)!=)%%)D!*:'!&$%'2<!'4*:'&!46*'6*4)68%%;!)&!$646*'6*4)68%%;<!865!Jd!#84%$&'!*)!$65'&2*865!*:'!&$%'2!865`)&!3'2*!(&89*49'2@!Z)*:!8&'!8!=$69*4)6!)=!*&84646?!865!'>('&*42'!L!=)&!-)&'!)6!*:42!*)(49<!2''!012"/,&$?!)=!*:42!&'()&*@!!!!R'2()65'6*2!46!*:42!2*$5;!(46!*:'!-)2*!3%8-'!)6!'65!$2'&21!=84%$&'!*)!9)-(%;!D4*:!*:'!9)&()&8*'!2'9$&4*;!()%49;@!.:42!-8;!'6*84%!2''-46?%;!:8&-%'22!89*474*4'2!2$9:!82!2('6546?!*4-'!)6!#89'3))C<!2*&'8-46?!-$249!)&!745')!=4%'2!)&!*&;46?!*)!98*9:!$(!)6!D)&C!3;!*&862()&*46?!9)&()&8*'!=4%'2!*)!8!:)-'!9)-($*'&!748!8!=%82:!5&47'!*)!=4642:!)7'&!*:'!D''C'65@!H)&'!2'&4)$2!74)%8*4)62!)=!9)-(86;!()%49;!-8;!469%$5'!46*'6*4)68%%;!94&9$-6874?8*46?!28='?$8&52<!462*8%%46?!6)6B8((&)7'5!2)=*D8&'!)&!$246?!6)6B8((&)7'5!5'749'2@!!!02!'>('9*'5<!)&?864Y8*4)62!*:8*!'>('&4'69'5!8!:4?:!%'7'%!)=!2'9$&4*;!46945'6*2!46!JU++!&'()&*!?&'8*'&!9)69'&6!46!8&'82!2$9:!82!%89C!)=!/.!'>('&*42'!D4*:!8((%498*4)62!865!6'*D)&C2@!.:'2'!*;('2!)=!)&?864Y8*4)62!8(('8&!*)!3'!$65'&!467'2*'5!46!/.!2*8==46?<!-8C46?!*:'-!()*'6*48%%;!45'8%!9865458*'2!=)&!8!-868?'5!2'9$&4*;!2'&749'2!&'%8*4)62:4(@!!!!
!!!&
&
!"#$%&'(")(*#+,-(.$$"$(/0,/(1"-/$23#/&'(/"(!&%#$2/4(5$&,%0&'67-%28&-/'(
!"#$%&'(()(*+(,-.%*/.0"(,12*3)%0.(%4*/#$55*6,(#4*
7.8,"#*6,(#4*
9$(:.**6,(#4*
6.;*/.0"(,12*<%0,8.%14*
=>?@*
7$%2*/.0"(,12*<%0,8.%14*=ABB@*
9,2:#$&(")(&-8;#'&$'(/"()"::"<('&%#$2/4(=$"%&8#$&'(,-8(=":2%2&'( >?@( >>@( AB@( >C@( AD@(
E,%F(")('&%#$2/4(&G=&$H'&(<2/0(<&3'2/&'(,-8(,==:2%,H"-'( AI@( >?@( AJ@( CJ@( B?@(
9,2:#$&(")(7K('/,L(/"()"::"<('&%#$2/4(=$"%&8#$&'(,-8(=":2%2&'( CJ@( C>@( AA@( CC@( >>@(
7-,8&M#,/&($&'"#$%&'(;(-"/(&-"#N0(7K('/,L(H+&(/"(+,-,N&('&%#$2/4(/0$&,/'( C>@( CO@( A?@( CC@( C>@(
E,%F(")('&%#$2/4(&G=&$H'&(<2/0(-&/<"$F'P('&$Q&$'(,-8("/0&$(2-)$,'/$#%/#$&( C>@( CB@( CC@( OB@( >D@(
9,2:#$&(")('/,L(/"(N&/(#=(/"('=&&8(<2/0(-&<(/0$&,/'(R&SNS(+"32:2/4P('"%2,:(+&82,P(%:"#8P(&/%ST( C?@( CD@( A?@( CO@( CI@(
U&-&$,:(-&N:2N&-%&(6(%,$&:&''-&''(/"<,$8'('&%#$2/4( CV@( O>@( C>@( CV@( OA@(
7-/&-H"-,:(82',3:2-N(")('&%#$2/4(R&SNS(/"(8"<-:",8(,(-"-;,==$"Q&8(,==:2%,H"-T( DA@( DA@( DC@( D>@( DB@(
!"#$%&W(1"+=K7XY'!"#$!%&&'()!*&+,-.(/,&!012'-3#4!5-1&67!'/#84(5,'&W(>??(ZS!S(7K("$(5#'2-&''(&G&%#HQ&'(R,F,(&-8(#'&$'T(
www.comptia.org
RE
SE
AR
CH
INFORMATION SECURITY TRENDS
N I N T H A N N U A L • F E B R U A R Y 2 0 1 2
S E C T I O N 3 : E M E R G I N G T R E N D S
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +Q!
/+0&1#(2%)!!
B a4*:!)&?864Y8*4)62!(&)5$946?!-)&'!58*8!*:86!'7'&!3'=)&'<!*:'!*:&'8*!)=!%)22!865!%'8C8?'!:82!469&'82'5!82!D'%%@!,)-(./0!&'2'8&9:!465498*'2!2%4?:*%;!-)&'!*:86!:8%=!)=!)&?864Y8*4)62!C6)D46?%;!'>('&4'69'5!58*8!%)22`%'8C8?'@!0-)6?!*:)2'!'>('&4'6946?!8!%)22<!2'624*47'!9)&()&8*'!=4686948%!58*8!D82!94*'5!8*!*:'!:4?:'2*!&8*'!cgQ^d@!V8*8!46!-)*4)6!c'@?@!$6'69&;(*'5!'-84%d!?'6'&8*'5!*:'!?&'8*'2*!9)69'&6<!=)%%)D'5!3;!58*8!8*!&'2*@!!
B G)948%!*'9:6)%)?4'2!:87'!?&)D6!8*!8!2*8&*%46?!&8*'@!0&?$83%;<!*:'!2'9$&4*;!*:&'8*!%'7'%!:8261*!3''6!82!2'7'&'!82!-4?:*!3'!'>('9*'5@!.:8*!-8;!9:86?'!*:)$?:@!0!6'*!Xe^!)=!/.!865!3$246'22!'>'9$*47'2!&8*'!2)948%!'6?46''&46?!865!(:42:46?`2('8&!(:42:46?!8!2'&4)$2!)&!-)5'&8*'!2'9$&4*;!9)69'&6@!0!6'8&%;!'S$8%!6$-3'&!3'%4'7'!&42C2!822)948*'5!D4*:!2)948%!6'*D)&C46?!8&'!)6!*:'!&42'@!
!B 02!)&?864Y8*4)62!*&8624*4)6!=&)-!%)DB&42C<!h*'2*!*:'!D8*'&2i!$2'!)=!9%)$5!9)-($*46?!*)!-4224)6!
9&4*498%!$2'<!2'9$&4*;!D4%%!%4C'%;!3'9)-'!8!-$9:!34??'&!422$'@!,)-(./0!&'2'8&9:!&'7'8%2!*:'!2*&)6?'2*!9)69'&62!8&)$65!2;2*'-!5)D6*4-'!)=!9%)$5!(&)745'&2<!58*8!'>()2$&'!5$&46?!*&862='&2!3'*D''6!)6B(&'-42'!865!9%)$5!2;2*'-2<!*:'!(:;2498%!2'9$&4*;!)=!9%)$5!58*8!9'6*'&2!865!58*8!2'?&'?8*4)6!46!8!-$%*4B*'686*!'674&)6-'6*@!V'2(4*'!*:'!2'9$&4*;!9)69'&62<!)6%;!JW^!)=!)&?864Y8*4)62!&'()&*!9)65$9*46?!8!:'87;!&'74'D!)=!*:'4&!9%)$5!2'&749'!(&)745'&12!2'9$&4*;!()%494'2<!(&)9'5$&'2!865!98(834%4*4'2@&
&
B .:'!6$-3'&2!2('8C!=)&!*:'-2'%7'2"!JU++!D82!*:'!=4&2*!;'8&!D:'&'!D)&%5D45'!$64*!28%'2!)=!-)34%'!5'749'2!cD4&'%'22!(:)6'2!_!*83%'*2d!'9%4(2'5!28%'2!)=!P,2!c5'2C*)(2!_!%8(*)(2d@!065!;'*<!='D!)&?864Y8*4)62!:87'!4-(%'-'6*'5!D:8*!D)$%5!3'!9)6245'&'5!8!9)-(&':'6247'!-)34%'!2'9$&4*;!2*&8*'?;@!.:'!-)2*!9)--)6!28='?$8&5!42!*:'!$2'!)=!(8229)5'2!L!eg^!)=!)&?864Y8*4)62!&'S$4&'!*:'4&!$2'!=)&!9)&()&8*'!-)34%'!5'749'2@!I*:'&!*89*492<!2$9:!82!58*8!'69&;(*4)6!865!&'-)*'!58*8!D4(46?!98(834%4*4'2<!8&'!'-(%);'5!3;!%'22!*:86!:8%=!)=!)&?864Y8*4)62@!& !
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +g!
522#B,%(#2N&O+C&P+2+4(%)Q&O+C&*()@)!!.:'!(82*!='D!;'8&2!:87'!3''6!86!469&'543%'!('&4)5!46!466)78*4)6!*:86C2!*)!469&'8246?%;!()D'&=$%!865!9:'8(!9)-($*46?<!46'>('6247'!-822!2*)&8?'<!&'82)683%;!=82*!865!&'%483%'!3&)853865!2(''52<!6'D!F/2!2$9:!82!*)$9:29&''62<!6'D!9)546?!)(*4)62!2$9:!82!k.HKQ<!83$6586*!0P/2!865!?&'8*'&!C6)DB:)D!*)!($*!4*!8%%!*)?'*:'&@!!!.)58;<!8!%)*!)=!*:'!*'9:6)%)?;!$2'5!8*!*:'!'6*'&(&42'!%'7'%!-)2*%;!hA$2*!D)&C2@i!!!I6!*:'!D:)%'<!*'9:6)%)?;!:82!6'7'&!3''6!-)&'!4-()&*86*!*)!*:'!2$99'22!)=!*:'!)&?864Y8*4)6@!F65'&%;46?!86;!464*48*47'!467)%746?!*:'!85)(*4)6!)=!6'D!*'9:6)%)?;!42!*:'!6''5!*)!2*&4C'!*:'!&4?:*!38%869'!3'*D''6!-8>4-4Y46?!'==494'69;!865!'=='9*47'6'22<!865!-464-4Y46?!&42C2!2$9:!82!46*'&)('&834%4*;!422$'2<!9)2*!)7'&B&$62!865!2'9$&4*;!3&'8C5)D62@!02!6)*'5!(&'74)$2%;<!X!46!+U!'>'9$*47'2!D4*:!2'9$&4*;!&'2()62434%4*;!3'%4'7'!*:'!2'9$&4*;!%865298('!42!3'9)-46?!-)&'!586?'&)$2!5$'!*)!*:'!469&'8246?!2)(:42*498*4)6!)=!8**89C2<!6'D!7$%6'&834%4*4'2!865!*:'!&8(45!(89'!)=!466)78*4)6@!!/=!)&?864Y8*4)62!:87'61*!8%&'85;<!*:';!D4%%!2))6!3'!=)&9'5!*)!9)6*'65!D4*:!2'7'&8%!542&$(*47'!46=)&-8*4)6!*'9:6)%)?;!*&'652"!
• Z4?!58*8!• G)948%!2)%$*4)62!• ,%)$5!9)-($*46?!• H)34%4*;!
!a:4%'!'89:!:)%52!?&'8*!(&)-42'!=)&!3$246'22'2!)=!8%%!*;('2<!*:'!2'9$&4*;!&42C2!9866)*!3'!)7'&%))C'5@!!!!!!!! !
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +e!
E,%,Q&E,%,&MB+-0C'+-+&
!.:'!38&&4'&2!*)!9&'8*46?<!98(*$&46?!865!2*)&46?!58*8!:87'!=8%%'6!*)!2$9:!%)D!%'7'%2!*:8*!-86;!)&?864Y8*4)62!8&'!6)D!2D4--46?!46!2*&$9*$&'5!865!$62*&$9*$&'5!58*8@!/V,!'2*4-8*'2!*:'!?%)38%!7)%$-'!)=!58*8!6)D!5)$3%'2!'7'&;!*D)!;'8&2!865!D4%%!*)*8%!+@X!Y'**83;*'2!c+@X!*&4%%4)6!?4?83;*'2d!9&'8*'5!865!&'(%498*'5!46!JU++@!/*!D8261*!*:8*!%)6?!8?)!D:'6!%8&?'!58*8!7)%$-'2!D'&'!-'82$&'5!46!*'&83;*'2!865!('*83;*'2!L!*:)2'!=4?$&'2!6)D!2''-!8%-)2*!S$846*@!!!a4*:!-)&'!58*8!3'46?!(&)5$9'5!865!*)$9:'5!3;!-)&'!(')(%'<!*:'!()*'6*48%!=)&!58*8!%)22!)&!%'8C8?'!?&)D2!899)&546?%;@!,)-(./0!&'2'8&9:!=)$65!+!46!Q!)&?864Y8*4)62!&'()&*'5!5'=464*'%;!'>('&4'6946?!2'624*47'!58*8!%)22!46!*:'!(82*!+J!-)6*:2<!D:4%'!MJ^!&'()&*'5!%4C'%;!58*8!%)22@!.:'!&'-84646?!OX^!)=!=4&-2!9%84-!8!('&='9*!&'9)&5!)=!58*8!(&)*'9*4)6<!3$*!5)!*:';!&'8%%;!C6)D!=)&!2$&'l!I=!9)$&2'!6)*<!D:49:!42!)6'!)=!*:'!-)2*!5429)69'&*46?!82('9*2!)=!58*8!%)22`%'8C8?'!L!9)-(864'2!-8;!6'7'&!C6)D!*:'!'>*'6*!*)!D:49:!*:';17'!3''6!:8&-'5!3;!2'624*47'!58*8!=8%%46?!46*)!*:'!D&)6?!:8652@!!!0-)6?!)&?864Y8*4)62!'>('&4'6946?!58*8!%)22`%'8C8?'<!*:'!%'8546?!9$%(&4*!8(('8&2!*)!3'!58*8!46!-)*4)6@!#)&!'>8-(%'<!2'6546?!46=)&-8*4)6!748!$6'69&;(*'5!'-84%<!5)D6%)8546?!)&!$(%)8546?!$6'69&;(*'5!58*8!*)!8!D'324*'<!*&862()&*46?!=4%'2!748!8!FGZ!#%82:!5&47'<!)&!899'2246?!*:'!/6*'&6'*!748!86!$62'9$&'5!a4#4!6'*D)&C@!I&?864Y8*4)62!=''%!2%4?:*%;!-)&'!9)6=45'6*!46!(&)*'9*46?!58*8!8*!&'2*!865!58*8!46!$2'<!3$*!*:'!6$-3'&2!2*4%%!()46*!*)!:4?:!%'7'%2!)=!&42C@!!
!
!"#"$%&''(%)"*"+)$,-).#'$/"01$213)'$&4$5&63&6"#)$!"#"$
!"#$
!%#$
!&#$
'!#$
%'#$
78'3).#$9"#"$:&''(:)"*"+)$;8#$<"=)$0&#$>9)0?@)9$)A".#:1$B<"#$B"'$:&'#$
5&63&6"#)$>0#)::).#8":$36&3)6#1C$#6"9)$').6)#'C$)#.D$
5&0@9)0?":$.8'#&E)6$9"#"$F)D+D$.6)9>#$."69$08E;)6'G$
5&0@9)0?":$)E3:&1))$9"#"$F)D+D$HI$6).&69'G$
5&0@9)0?":$.&63&6"#)$@0"0.>":$9"#"$
7&86.)J$5&E32K,L'!"#$!%&&'()!*&+,-.(/,&!012'-3#4!5-1&67!'#891$M"')J$NNO$PD7D$.&E3"0>)'$#<"#$)A3)6>)0.)9$9"#"$:&''$
!"#"$:&''(:)"*"+)$"E&0+$#<)$QNR$&4$@6E'$#<"#$6)3&6#$)A3)6>)0.>0+$9"#"$:&''(:)"*"+)$>0$#<)$3"'#$SN$E&0#<'$
()*+*$,-.-$/0112$/*-3-4*$5667+1$QTR $!"#"$"#$6)'#$
USR $!"#"$>0$E&?&0$
OTR $!"#"$>0$8')$$
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +X!
I&?864Y8*4)62!=89'!8!6$-3'&!)=!:'85D4652!46!855&'2246?!58*8!%)22`%'8C8?'@!.:'!&42'!)=!2)948%!6'*D)&C46?!:82!S$49C%;!462*4%%'5!8!-'6*8%4*;!)=!h2:8&'!=4&2*<!82C!S$'2*4)62!%8*'&i!8-)6?!%8&?'!2'?-'6*2!)=!*:'!()($%8*4)6@!/*12!$6&'8%42*49!*)!*:46C!'-(%);''2!899$2*)-'5!*)!=&''%;!2:8&46?!*:'4&!%4='!)6!#89'3))C!865!.D4**'&!D4%%!&'=&846!=&)-!-'6*4)646?!D)&C!89*474*4'2@!,)6245'&!*:'!&'9'6*!'>8-(%'!)=!*:'!H49&)2)=*!'-(%);''!D:)!*D''*'5!83)$*!86!$6&'%'82'5!T)C48!a465)D2!(:)6'@!.:'!'-(%);''!*:)$?:*!*:'!(:)6'!D82!9))%!865!D86*'5!*)!2:8&'!*:'!6'D2<!6)*!*:46C46?!)=!*:'!3&)85!9)62'S$'69'2!)&!4-(89*!*)!*:'!(&)5$9*!&'%'82'@!.:'!58*8!%'8C8?'!822)948*'5!D4*:!*:42!-'6*8%!%8(2'!D82!'6)$?:!*)!98$2'!*:'!'-(%);''12!542-4228%@!!0%)6?!*:)2'!28-'!%46'2<!*:'!3%$&&46?!)=!D)&C!865!:)-'!%4='!:82!2($&&'5!*:'!46*'&-46?%46?!)=!9)-(86;!865!('&2)68%!5'749'2!865!8((%498*4)62@!\6)D%'5?'!D)&C'&2!8&'!$65'&!469&'8246?!(&'22$&'!*)!3'!8784%83%'!JO`e<!-8C46?!4*!'82;!=)&!*:'-!*)!A$2*4=;!$246?!9)-(86;!(&)('&*;!*)!98*9:!$(!)6!('&2)68%!*82C2<!)&!'7'6!8%%)D46?!8!2()$2'!)&!9:4%5&'6!*)!$2'!*:'!=82*'&!D)&C!%8(*)(!)7'&!*:'!D''C'65@!,)67'&2'%;<!'-(%);''2!8*!2)-'!)&?864Y8*4)62!:87'!3''6!8:'85!)=!*:'!9$&7'!46!85)(*46?!9'&*846!*'9:6)%)?4'2!c*:46C!85)(*4)6!)=!8!2-8&*(:)6'<!D:4%'!*:'!&'2*!)=!*:'!'6*'&(&42'!$2'2!38249!Z%89CZ'&&;2d@!.:42!h3&46?!;)$!)D6!5'749'i!cZ]IVd!*&'65!:82!3''6!86)*:'&!%865-46'!=)&!)&?864Y8*4)62!2''C46?!*)!38%869'!)('&8*46?!('&=)&-869'<!'-(%);''!28*42=89*4)6!865!46=)&-8*4)6!2'9$&4*;@!!K82*%;<!*:'!h9)62$-'&4Y8*4)6!)=!/.i!:82!(&)5$9'5!-86;!3'6'=4*2<!2$9:!82!8!?&'8*'&!=)9$2!)6!*:'!$2'&!'>('&4'69'!865!*:'!=&''-4$-!-)5'%@!.:'!5)D6245'<!4*!-8;!:87'!*8$?:*!2)-'!$2'&2!*)!($2:!389C!8?8462*!86;*:46?!('&9'47'5!82!$6=&4'65%;@!#)&!'>8-(%'<!&'%$9*869'!*)!'-3&89'!9)&()&8*'!()%494'2!?)7'&646?!(822D)&52!865!%)?46`%)?)$*!(&)9'5$&'2@!I&<!*:'!$6D4%%46?6'22!*)!=)&'?)!*:'!462*86*!?&8*4=498*4)6!822)948*'5!D4*:!8!S$49C!865!'82;!8((!5)D6%)85@!!!a:'6!58*8!%)22`%'8C8?'!5)'2!)99$&<!)&?864Y8*4)62!&'2()65!46!8!6$-3'&!)=!D8;2@!099)&546?!*)!*:'!,)-(./0!&'2'8&9:<!*:'!*)(!=47'!&'2()62'2!469%$5'"!!
GH /-(%'-'6*!'69&;(*4)6!()%494'2!=)&!58*8!2*)&'5!)6!-)34%'!5'749'2!)&!()&*83%'!-'548!IH ,&'8*'!8!2*&49*'&!2'(8&8*4)6!)=!D)&C!865!('&2)68%!5'749'2!)&!9)--$6498*4)62!JH R'46=)&9'!)&!9&'8*'!899'(*83%'!$2'!()%494'2!=)&!-)34%'!5'749'!KH R'46=)&9'!)&!9&'8*'!9)&()&8*'!()%494'2!?)7'&646?!*:'!2:8&46?!)=!(&)(&4'*8&;!46=)&-8*4)6!)6!3%)?2<!
=)&$-2<!)&!2)948%!6'*D)&C2!LH #$&*:'&!9)-(8&*-'6*8%4Y'!2'624*47'!9)&()&8*'!58*8!*)!'62$&'!)6%;!6''5B*)BC6)D!'-(%);''2!
:87'!899'22!!.:42!2*$5;!545!6)*!?)!46*)!5'*84%!)6!*:'!$2'!)=!58*8!%)22!(&)*'9*4)6!cVKPd!*))%2<!3$*!=)&!/.!2)%$*4)6!(&)745'&2!)=='&46?!2'9$&4*;!2'&749'2<!4*!2:)$%5!3'!8!9)6245'&8*4)6@!VKP!*))%2<!8%)6?!D4*:!58*8!89*474*;!-)64*)&46?!cV0Hd<!986!:'%(!)&?864Y8*4)62!5429)7'&<!-)64*)&!865!(&)*'9*!2'624*47'!58*8@!R'8%42*498%%;<!8!9)-(&':'6247'!VKP!)=='&46?!D4%%!3'!3';)65!*:'!6''52!865!&'89:!)=!-86;!2-8%%!865!-'54$-B24Y'!3$246'22'2@!0!3'**'&!2*8&*46?!()46*!-8;!3'!*)!:'%(!9$2*)-'&2!24-(%;!-8(!*:'!%)98*4)6!)=!*:'4&!58*8!89&)22!8%%!5'749'2<!58*8382'2!865!86;!)*:'&!&'()24*)&4'2@!/6'74*83%;<!)&?864Y8*4)62!D4%%!%'8&6!)=!58*8!2*)&'5!46!8!%)98*4)6!D:'&'!4*!2:)$%561*!3'!L!8!?))5!=4&2*!2*'(!*)!=&8-46?!*:'!58*8!%)22!(&)*'9*4)6!5429$224)6@!!!&
& &
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! +W!
7#.(,<&O+%C#-@(2:&R#+)&=#-8#-,%+&
!0=*'&!*&84%46?!*:'!9)62$-'&!-8&C'*!=)&!2)-'!*4-'<!-86;!3$246'22'2!:87'!=468%%;!'-3&89'5!2)948%!*'9:6)%)?4'2@!05546?!8!h2)948%i!9)-()6'6*!:82!3'9)-'!5'!&4?$'$&!=)&!A$2*!83)$*!86;!2*&8*'?49<!-8&C'*46?!)&!PR!(%86!*:'2'!58;2@!.:'!'6)&-)$2!$2'&!382'2!)=!*:'!-)2*!(&)-46'6*!2)948%!6'*D)&C2<!#89'3))C<!K46C'5/6!865!.D4**'&!cXUU!-4%%4)6_<!+UU!-4%%4)6_!865!+UU!-4%%4)6_<!&'2('9*47'%;d!9)$%5!6)*!3'!4?6)&'5@!.))%2!D4*:!86!'6*'&(&42'!=)9$2<!2$9:!82!]8--'&!)&!G8%'2=)&9'@9)-!,:8**'&<!()24*4)6'5!*)!'683%'!865!'69)$&8?'!9&)22B'-(%);''!9)--$6498*4)6!865!9)%%83)&8*4)6<!9)6*46$'!*)!?846!-)-'6*$-@!!!V'2(4*'!*:'!2*8??'&46?!?&)D*:!46!*:'!$2'!)=!2)948%!6'*D)&C46?<!)6'!9)$%5!-8C'!*:'!982'!*:8*!*:'!2'9$&4*;!&42C2!822)948*'5!D4*:!2)948%!:87'!3''6!&'%8*47'%;!%)D@!.:8*!D4%%!%4C'%;!9:86?'!*:)$?:@!.:'&'!8&'!*D)!(&4-8&;!9)-()6'6*2!)=!*:'!&42C"!+d!H8%D8&'!542*&43$*'5!748!2)948%!6'*D)&C46?!(%8*=)&-2!865!Jd!G)948%!'6?46''&46?!=894%4*8*'5!3;!2)948%!'6?8?'-'6*@!!!!0!='D!'>8-(%'2!)=!*:'!=4&2*!98*'?)&;!469%$5'"!
• j4&$2'2!*:8*!46='9*!$2'&2!D4*:!%$&46?!-'228?'2!2$9:!82!h-8C'!-)6';!)6!.D4**'&<i!h?'*!+<UUU!.D4**'&!=)%%)D'&2<i!h2)-')6'!9)--'6*'5!)6!;)$&!#89'3))C!()2*<i!)&!h2)-')6'!()2*'5!;)$&!(:)*)!8%%!)7'&!*:'!/6*'&6'*i!
• G(8-`G)%494*8*4)62!-85'!748!GC;('!)&!GHG!!• H8%D8&'!:455'6!46!2:)&*'6'5!FRK2!)&!9)&&$(*'5!8((2!• Z)*2!-8C46?!$68$*:)&4Y'5!&'9)--'658*4)62!c8C8!%4C'BA89C46?d!
!I6'!)=!*:'!34??'2*!2'9$&4*;!422$'2!&'%8*'5!*)!2)948%!6'*D)&C46?!'6*84%2!*:'!:4?:!%'7'%!)=!822$-'5!*&$2*!8-)6?!$2'&2@!a:'6!86!4654745$8%!&'9'47'2!8!-'228?'!=&)-!2)-')6'!46!*:'4&!6'*D)&C!*:'!5'=8$%*!822$-(*4)6!42!)6'!)=!%'?4*4-89;@!0!298-!*:8*!-85'!*:'!&)$652!8D:4%'!389C!467)%7'5!8!-8%D8&'B465$9'5!()2*46?!*)!#89'3))C!8%)6?!*:'!%46'2!)=!hk'%(<!/1-!*&87'%46?!83&)85!865!%)2*!-;!D8%%'*@!P%'82'!D4&'!-)6';@i!G''46?!8!()2*!=&)-!8!=&4'65<!:)D'7'&!2''-46?%;!$63'%4'783%'<!D4%%!98$2'!-)2*!$2'&2!*)!8*!%'82*!9)6245'&!*:'!()22434%4*;!)=!4*!3'46?!*&$'@!hG)948%!8$*:'6*498*4)6i!(&)9'22'2!:87'!;'*!*)!&'%483%;!855&'22!*:'2'!24*$8*4)62@!!!Z';)65!)374)$2!298-2<!*:'!-)&'!462454)$2!*:&'8*!9)-'2!=&)-!*:'!-4646?!)=!58*8!=&)-!2)948%!6'*D)&C2@!P$3%49%;!8784%83%'!46=)&-8*4)6!46!(&)=4%'2<!()2*46?2!)&!.D''*2!-8;!:'%(!:89C'&2!)&!45'6*4*;!*:4'7'2!*)!5429)7'&!8%%!*:';!6''5!*)!C6)D!*)!46=%49*!:8&-@!,)6245'&!86!'>8-(%'!)=!86!'-(%);''!?'**46?!8!98%%!=&)-!2)-')6'!(&'*'6546?!*)!3'!8!9)BD)&C'&!46!8!28*'%%4*'!)==49'@!.:42!('&2)6!-8;!*&;!*)!3$4%5!&8(()&*!3;!$246?!46=)&-8*4)6!2:8&'5!748!2)948%!6'*D)&C46?<!2$9:!82!-'6*4)646?!*:'!-$*$8%!8**'65869'!8*!8!&'9'6*!9)6='&'69'@!V428&-'5<!*:'!$62$2('9*46?!'-(%);''!-8;!2:8&'!2'624*47'!9)&()&8*'!46=)&-8*4)6<!)&!'7'6!D)&2'<!899'22!9&'5'6*48%2@!!,)-(./0!&'2'8&9:!9)6=4&-2!*:42!9)69'&6@!#)&*;B24>!('&9'6*!)=!&'2()65'6*2!&8*'5!2)948%!'6?46''&46?!865!(:42:46?`2('8&!(:42:46?!8!2'&4)$2!2'9$&4*;!9)69'&6<!D:4%'!O+^!&8*'5!4*!82!8!-)5'&8*'!9)69'&6@!0554*4)68%%;<!Q+^!2845!*:';!3'%4'7'!*:42!*:&'8*!42!-)&'!9&4*498%!*)58;!9)-(8&'5!*)!+J!-)6*:2!8?)@!!#)&!/.!2)%$*4)6!(&)745'&2!865!7'65)&2<!*:'!54&'9*!3$246'22!)(()&*$64*4'2!822)948*'5!D4*:!2'9$&4*;!865!2)948%!6'*D)&C46?!8&'!(&)383%;!2*4%%!-46)&!2469'!-$9:!)=!*:'!&42C!42!3':874)&!&'%8*'5@!P%'6*;!)=!4654&'9*!)(()&*$64*4'2!'>42*!*:)$?:!46!:'%(46?!)&?864Y8*4)62!5'7'%)(!2)948%!-'548!899'(*83%'!$2'!()%494'2!)&!(&)74546?!'65!$2'&!*&84646?<!)=='&'5!82!(8&*!)=!8!$64=4'5!*:&'8*!-868?'-'6*!cF.Hd!2)%$*4)6@!!!& &
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! JU!
7+.$-(%0&(2&%'+&=<#$9&
!0-8Y)6<!V&)(3)>!865!N(24%)6!8%%!-85'!*:'!6'D2!46!JU++!=)&!2'9$&4*;!46945'6*2!467)%746?!*:'4&!9%)$5!2'&749'2@!,/I2!9)6*'-(%8*46?!hD:8*!4=i!29'68&4)2!?)*!*)!2''!=4&2*:865!*:'!&'2$%*2!)=!8!24?64=4986*!9%)$5!)$*8?'<!8!(822D)&5!268=$!%'8746?!58*8!'>()2'5!865!*:'!-8%494)$2!:89C46?!)=!8!9%)$5!2'&749'!(&)745'&@!!!T)*!2$&(&4246?%;<!*)(!)=!-465!2'9$&4*;!9)69'&62!&'%8*'5!*)!9%)$5!9)-($*46?!*'65!*)!&'7)%7'!8&)$65!2;2*'-!)$*8?'2!865!58*8!%)22@!/*12!D)&*:!C''(46?!-465!*:8*!-86;!)&?864Y8*4)62!8&'!2*4%%!46!*:'!'>('&4-'6*8%!2*8?'!D4*:!9%)$5!9)-($*46?!865!-8;!6)*!;'*!:87'!9)6245'&'5!9'&*846!&42C2@!!>#8&GS&M29&T)+-&=#2.+-2)&*+<,%+9&%#&=<#$9&7+.$-(%0&
OM^! G;2*'-!5)D6*4-'`3$246'22!46*'&&$(*4)62!OU^! N>()2$&'!)&!%)22!)=!58*8!5$&46?!=4%'!*&862='&2!*)!*:'!9%)$5!MW^! ,)69'&62!)7'&!'69&;(*4)6!)=!58*8!c'4*:'&!*&86289*4)68%!)&!8*!&'2*d!MW^! P:;2498%!2'9$&4*;!)=!9%)$5!2'&749'!(&)745'&!58*8!9'6*'&2!Mg^! G:8&'5!*'9:6)%)?;!7$%6'&834%4*4'2!c'@?@!2'?&'?8*4)6!)=!58*8!46!8!-$%*4B*'686*!'674&)6-'6*d!MQ^! H8%494)$2!89*474*;!=&)-!46245'&2!)&!(&474%'?'5!85-4642*&8*)&2!8*!9%)$5!(&)745'&2!MJ^! /5'6*4=;46?`8$*:'6*498*46?!$2'&2!M+^! V4==49$%*;!46!822'2246?!865!9)-(8&46?!*:'!2'9$&4*;!)=!9%)$5!2'&749'!(&)745'&2!JX^! ,)-(%;46?!D4*:!%'?8%`&'?$%8*)&;!&'S$4&'-'6*2!!I*:'&!9)69'&62!-'6*4)6'5!469%$5'"!834%4*;!*)!9)65$9*!8$54*2`&'74'D!%)?2<!%)22!)=!9)6*&)%<!7'65)&!%)9CB46<!%89C!)=!*&862(8&'69;!D4*:!%)98*4)6!)=!9%)$5!58*8!9'6*'&2<!865!462'9$&'!0P/2@!!!099)&546?!*)!/V,<!*:'!9)-346'5!($3%49`(&478*'!9%)$5!2'9$&4*;!-8&C'*!D4%%!-)&'!*:86!5)$3%'!)7'&!*:'!6'>*!='D!;'8&2<!899)$6*46?!=)&!6'8&%;!+O^!)=!8%%!2'9$&4*;!(&)5$9*2!2)%5!D)&%5D45'!3;!JU+Q<!$(!=&)-!83)$*!Q@e^!)=!*:'!*)*8%!-8&C'*!46!JU+U@!!! !
!"#$%&#$
'(#$
!&#$
!"#$%&'$()%*+,-%-"$../+0)%12-%3+&%+0.)42+5-64"&3/+)*+,-.*+.$/0$12/3-$1/4536*7$89:7.$;4/*7$8<=<$1/45:*,.9$
;>$?.:9>$=/4.@A:>$
B/>$1/*C-.*>$
1/*C-.*+.$,*$12/3-$DE/F,-.E9G$;H,2,>I$>/$DE/F,-.$:$=.+3E.$12/3-$$J*F,E/*4.*>$
K.EI$1/*C-.*>$
1/*C-.*>$
5)4"6-7+0)89:;<=*!"#$!%&&'()!*&+,-.(/,&!012'-3#4!5-1&67!*342/+>$*-7+?@@+AB5B+6)89$%&-*+
!L#$
(M#$
!N#$
O.:FI$89:7.$
P/-.E:>.$89:7.$
?,7A>$89:7.$
B/*$89:7.$
M!#$BJQ$39:7.$
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! J+!
V'2(4*'!*:'!2'9$&4*;!9)69'&62<!-)2*!)&?864Y8*4)62!&'()&*!3'46?!9)6=45'6*!)&!7'&;!9)6=45'6*!c6'*!XQ^d!46!*:'4&!9%)$5!2'&749'!(&)745'&@!0!='D!6)*83%'!46945'6*2!6)*!D4*:2*86546?<!*:42!2:)$%5!3'!74'D'5!82!8!*'2*8-'6*!*)!*:'!S$8%4*;!)=!2'&749'!)=='&'5!3;!*:'!-8A)&!9%)$5!(&)745'&2!865!*:'!2$(()&*!(&)745'5!3;!/.!2)%$*4)6!(&)745'&2@!!!0%%!24?62!()46*!*)!'7'6!?&'8*'&!%'7'%2!)=!9%)$5!85)(*4)6!46!JU+J<!3$*!4*!9)$%5!3'!2)-'!*4-'!3'=)&'!)&?864Y8*4)62!$2'!*:'!9%)$5!=)&!*:'!-8A)&4*;!)=!*:'4&!2;2*'-2@!099)&546?!*)!*:'!,)-(./0!&'2'8&9:<!%8&?'!6$-3'&2!)=!)&?864Y8*4)62!:87'!6)!46*'6*4)6!)=!($**46?!9'&*846!*;('2!)=!58*8!)&!8((%498*4)62!46*)!*:'!9%)$5@!.)((46?!*:'!%42*!469%$5'2!*:46?2!2$9:!82!9)6=45'6*48%!=4686948%!58*8<!9&'54*!98&5!58*8!865!2'624*47'!/P@!#)&!=4&-2!'2('948%%;!9)69'&6'5!83)$*!2'9$&4*;<!()2243%;!5$'!*)!*:'!465$2*&;!7'&*498%!*:';!)('&8*'!46<!*:'!%4C'%4:))5!*)!D4*::)%5!9'&*846!*;('2!)=!58*8!)&!8((%498*4)62!42!'7'6!-)&'!(&)6)$69'5@!!!#)&!/.!2)%$*4)6!(&)745'&2!865!9%)$5!2'&749'!(&)745'&2<!*:42!2:)$%5!2'&7'!82!8!&'8%4*;!9:'9C@!]'2<!*:'!9%)$5!42!86!4-()&*86*!*&'65!865!D4%%!8=='9*!*:'4&!3$246'22!c2''!,)-(./0!;#(&&1)$@(-"&1-$4-1&56!2*$5;!=)&!-)&'!5'*84%2!)6!*:42!*)(49d<!3$*!*:'&'!D4%%!2*4%%!3'!8!6''5!=)&!&)3$2*!)6B(&'-42'!865!:;3&45!2)%$*4)62!=)&!-86;!;'8&2!*)!9)-'@!!!!
!! !
!"#$%&'()%*'+)%,-$./#$0#%'$%,1-2/%3#024'(56%78$5%9'4:;%3<11%=$&'11'$+%(-%3(-4#%,#4(8'$%>5?#;%-@%A8(8%>)#4#%
!"#"$%&'(")*+,$"-+$./0$1+#$$2*33*)4$#&$(5#$*)$#6+$%3&57$
8'"33$9*-',$
:+7*5'$9*-',$
;"-4+$$9*-',$
8+%5-*#1$<"#+7$"$=*46$
>-*&-*#1$
8+%5-*#1$<"#+7$"$
:+7*5'$&-$;&2$
>-*&-*#1$
,-$./#$<81%0-:?8$5%.$8$0'81%/8(8% BCD% EED% EFD% EGD% BHD%
,4#/'(%084/%/8(8% EID% EID% EJD% EFD% JKD%
!:?1-5##%*L%.1#;% BED% BJD% BBD% BJD% BKD%
,-$./#$<81%'$(#11#0(281%?4-?#4(5%M%0-:?8$5%%(48/#%;#04#(;% BND% BHD% BBD% BGD% JID%
,2;(-:#4%0-$(80(%'$@-4:8<-$% JID% JED% HED% JID% HGD%
A8(8%0-"#4#/%O5%4#+218<-$;%P#Q+Q%*RSST6%S,R6%%384O8$#;UVW1#56%#(0QX% HED% HFD% HED% HFD% HBD%
3-240#Y%,-:?>RTZ;!"#$!%&&'()!*&+,-.(/,&!012'-3#4!5-1&67!;(2/5%[8;#Y%EII%=Q3%0-:?8$'#;%
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! JJ!
.8C46?!8!2*'(!389C<!)&?864Y8*4)62!$246?!*:'!9%)$5!8&'!=89'5!D4*:!8!&86?'!)=!5'9424)62"!*:'!-)5'%!c($3%49<!(&478*'!)&!:;3&45!9%)$5d<!2'&749'!%'7'%!c/88G<!P88G!)&!G88Gd<!*:'!7'65)&2!)&!/.!2)%$*4)6!(&)745'&2!*)!:4&'!865!()2243%;!*:'!5'?&''!)=!9%)$5`)6B(&'-42'!46*'?&8*4)6@!/6!8554*4)6!*)!*:'!38249!'78%$8*4)6!-'*&492!2$9:!82!9)2*!865!('&=)&-869'<!*:'!58*8!2$??'2*2!-)2*!)&?864Y8*4)62!469%$5'!8!&'74'D!)=!*:'!9%)$5!2'&749'!(&)745'&12!2'9$&4*;!()%494'2<!(&)9'5$&'2!865!98(834%4*4'2@!!D+B+<&*+B(+C&=#29$.%+9&"0&M29&T)+-)&=<#$9&7+-B(.+&1-#B(9+-U)&7+.$-(%0&1#<(.(+)Q&&
1-#.+9$-+)&,29&=,8,"(<(%(+)&
JW^! k'87;!&'74'D!OO^! H)5'&8*'!&'74'D!+M^! K4**%'!)&!6)!&'74'D!!+O^! V'('652!L!46!2)-'!982'2!:'87;!&'74'D!865!46!)*:'&2!%4?:*!)&!-)5'&8*'!&'74'D!!G'9$&4*;!-87'62!(&)383%;!74'D!*:42!82!8!h9$(!:8%=!=$%%<!:8%=!'-(*;i!24*$8*4)6@!I6!*:'!)6'!:865<!?47'6!*:'!9%)$5!-)5'%!42!2*4%%!&'%8*47'%;!6'D!*)!-86;!)&?864Y8*4)62<!4*12!'69)$&8?46?!*)!2''!2)%45!6$-3'&2!)=!$2'&2!'78%$8*46?!*:'4&!9%)$5!(&)745'&!46!8&'82!2$9:!82!'69&;(*4)6!()%494'2!865!54282*'&!&'9)7'&;!(%862@!I6!*:'!)*:'&!:865<!-86;!9&4*498%!'%'-'6*2!)=!*:'!9%)$5!2'9$&4*;!'S$8*4)6!8(('8&!*)!3'!&)$*46'%;!)7'&%))C'5<!2$9:!82!&'?$%8*)&;!9)-(%4869'<!?')%)98*4)6!)=!58*8!865!*:'!9&'5'6*48%2!)=!*:'!(&)745'&@!!GHZ2!46!(8&*49$%8&<!D4*:!)=*'6!%)D'&!%'7'%2!)=!/.!2)(:42*498*4)6<!-8;!-8C'!*:'!822$-(*4)6!*:8*!8%%!82('9*2!)=!2'9$&4*;!D4%%!3'!2$==494'6*%;!:865%'5!3;!*:'4&!9%)$5!2'&749'!(&)745'&<!D:49:!-8;!)&!-8;!6)*!3'!*:'!982'@!.:42!42!9)6=4&-'5!3;!*:'!58*8<!D:'&'!)6%;!JJ^!)=!2-8%%!=4&-2!&'()&*!'6?8?46?!46!8!:'87;!&'74'D!)=!*:'4&!9%)$5!2'&749'!(&)745'&12!2'9$&4*;!(&89*49'2<!9)-(8&'5!*)!O+^!=)&!%8&?'!=4&-2@!!
!"#$%&%'()*+'"),(('((%"-)./0$1)2&03%1'&)4'5$&%67)
!"#$
!%#$
&#$
'#$
(#$
)#$
*#$
&#$
&(#$
'+#$
&"#$
&"#$
')#$
'+#$
'"#$
'"#$
&%#$
)&#$
)&#$
)+#$
)*#$
)(#$
+!#$
+&#$
8'0-&9:+%5)/059;0")0<):&03%1'&=()1969)5'"6'&()
>'-$/960&7)50?:/%9"5')0<)5/0$1):&03%1'&)
!1'";67)9"1)955'(()?9"9-'?'"6)
@969)&'6'";0"):0/%5%'()
.&'1'";9/()+'/1)A7)5/0$1):&03%1'&)B'C-C)4,4)DEF)
@969)%"6'-&%67)9(($&9"5'()
G$(%"'(()50";"$%67)H)1%(9(6'&)&'503'&7):/9"()0<)5/0$1):&03%1'&)
I"5&7:;0"):0/%5%'()<0&)1969)96)&'(6)9"1)%")6&9"(%6)
,-./01$23456$7451$
8/95-0$39$:5;59$
40$&5'J).0?:K!,=(!"#$!%&&'()!*+,'-.#/!0-+&12!(6$17)G9('J)LME)NC4C)50?:9"%'()$(%"-)5/0$1)05?:$;"-)
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! JM!
R'9'6*%;<!*:'!,4*;!)=!K)2!06?'%'2!865!E))?%'!%'8&6'5!*:'!:8&5!D8;!D:8*!:8(('62!D:'6!86!$69'&*846!&'?$%8*)&;!78&483%'!42!46*&)5$9'5!46*)!8!9%)$5!5'(%);-'6*@!K0!:85!*)!8%*'&!4*2!(%86!*)!2:4=*!MU<UUU!94*;!'-(%);''2!*)!E))?%'!0((2!D:'6!4*!D82!5429)7'&'5!E))?%'!0((2!D82!6)*!=$%%;!9)-(%486*!D4*:!*:'!#Z/12!2'9$&4*;!&'S$4&'-'6*2!=)&!9)66'9*46?!*)!*:'!,&4-468%
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! JO!
,)-(./0!&'2'8&9:!:82!=)$65!*:8*!D:4%'!)&?864Y8*4)62!-8;!6)*!:87'!2('94=49!2'9$&4*;!464*48*47'2!(%866'5<!2'9$&4*;!42!2*4%%!8!*)(!9)69'&6!*:8*!-$2*!3'!855&'22'5!82!)*:'&!(&)A'9*2!*8C'!(%89'@!02!*:'!9&4*498%!68*$&'!)=!/.!5&47'2!(&)A'9*2!=)&D8&5!8*!8!&8(45!(89'<!*:'&'!8&'!-86;!2*&8*'?4'2!*:8*!8&'!5'24&83%'!=)&!-''*46?!3$246'22!)3A'9*47'2!3$*!&'S$4&'!-)54=498*4)6!)=!'>42*46?!2'9$&4*;!(&89*49'2!)&!9)-(%'*'%;!6'D!2'9$&4*;!*'9:6)%)?4'2@!!H)34%4*;!42!)6'!)=!*:'2'!8&'82!*:8*!&'S$4&'!86!466)78*47'!8((&)89:!*)!2'9$&4*;@!E%)38%!/65$2*&;!068%;2*2!(&'549*2!*:8*!*:'!?%)38%!-8&C'*!=)&!-)34%'!2'9$&4*;!D4%%!&'89:!f+O@O!34%%4)6!3;!JU+e@!R'2$%*2!=&)-!*:'!,)-(./0!-)34%4*;!2$&7';!8%2)!465498*'!*:42!*)!3'!8!?&)D46?!(&)2('9*"!eU^!)=!&'2()65'6*2!D:)!D)&C!46!/.!5'(8&*-'6*2!28;!*:8*!2'9$&4*;!)=!-)34%'!5'749'2!42!*:'!%8&?'2*!&42C!*)!5'8%!D4*:!D:'6!3$4%546?!8!-)34%4*;!2*&8*'?;@!!.:42!9)69'&6!)7'&!2'9$&4*;!D)$%5!8(('8&!*)!3'!D'%%!=)$65'5@!02!'-(%);''2!8&'!3&46?46?!*:'4&!)D6!2-8&*(:)6'2!865!*83%'*2!46*)!*:'!D)&C(%89'!865!5&4746?!/.!5'(8&*-'6*2!8D8;!=&)-!*:'!834%4*;!*)!-8658*'!8!246?%'<!8((&)7'5!5'749'<!*:'!2'9$&4*;!)=!*:'2'!9)62$-'&!5'749'2!6''52!*)!3'!3&)$?:*!$(!*)!'6*'&(&42'!2*8658&52@!!!
!!!!!
!"#$%&'(&)*+$,-'."/)&+/0'"/',1&'2$0&''
!"#$
"%#$
!"#$
"&#$
"'#$
"(#$
"'#$
%"#$
%'#$
)(#$
%"#$
%)#$
)(#$
)'#$
)(#$
%*#$
%*#$
%"#$
%"#$
%!#$
%&#$
2$030'400")$4,&5'6$,1'&78%"-&&0'*0$/9'0")$4%'7&5$4'"/'4'7"#$%&'5&:$)&'
;<+$/9'-"*+'"6/'5&:$)&;'=<>?@A'+$030'
2$030'400")$4,&5'6$,1'B(<'C401'5+$:&0'
!"#$%&'5&:$)&D08&)$E)':$+*0&0'"+'",1&+'74%64+&'
2$030'400")$4,&5'6$,1'*0$/9'"8&/'F$G$'/&,6"+30'
H1&I'"J'"+'%"00'"J')"+8"+4,&'7"#$%&'5&:$)&0''
K78%"-&&0'5"6/%"45$/9'*/4*,1"+$L&5'4880'
+,-./01$2/34,-3$
5/6,-78,$2/34,-3$
9.:;,$/-$</$2/34,-3$
!"#$%&'()'$%)*&+)',-.$/&!"#$%&'(!)%*&+,-$./01'$.2&34&5'-6"+4&.&5'789-').5'):4";5$)%&+-''("*+)&M'."78HNOP0'<46'=..:)%'>.2"+!),".'?&3:+$4@'A+&.5-'0,*5-'
<40&M'QRR'BS(S'NH'"+'<*0$/&00'&T&)*U:&0'=434'&/5'*0&+0A'
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! JQ!
!0*!*:42!()46*<!-)34%'!-8%D8&'!42!6)*!)6'!)=!*:'!*)(!2'9$&4*;!46945'6*2!'>('&4'69'5!3;!/.!5'(8&*-'6*2<!D:49:!2''-2!83)$*!9)6242*'6*!D4*:!*:'!*:&'8*!%'7'%!*)!58*'@!.:'!-)2*!9)--)6!2'9$&4*;!46945'6*!42!8!%)2*!5'749'<!D:49:!:82!3''6!'>('&4'69'5!3;!Qg^!)=!)&?864Y8*4)62!46!*:'!2$&7';@!.:'!6'>*!-)2*!9)--)6!46945'6*!D82!8!74)%8*4)6!)=!9)-(86;!()%49;!&'?8&546?!9)&()&8*'!58*8!cJQ^d<!86!'-'&?46?!=89*)&!46!58*8!%)22!82!6)*'5!'8&%4'&!46!*:42!&'()&*@!!a:4%'!5'749'!*:'=*!)&!%)22!42!2*4%%!8!-8A)&!9)69'&6<!5)D6%)8546?!$68$*:)&4Y'5!8((%498*4)62!&8*'2!82!*:'!*)(!-)34%'!2'9$&4*;!9)69'&6@!0!='D!=89*)&2!9)6*&43$*'!*)!*:42!9)69'&6@!I6'<!-86;!)&?864Y8*4)62!8%%)D!'65!$2'&2!=&''!&'4?6!*)!5)D6%)85!865!-868?'!8((2!)6!*:'4&!-)34%'!5'749'@!/6!8!h3&46?!;)$&!)D6!5'749'i!!cZ]IVd!'674&)6-'6*<!*:42!(&89*49'!42!)=*'6!*:'!6)&-@!/6!*'&-2!)=!$2'&!('&9'(*4)62!)=!8((2<!*:'!5'=8$%*!()24*4)6!=)&!-86;!42!)6'!)=!h4=!4*12!46!*:'!8((!2*)&'<!4*!-$2*!3'!28='@i!!!G'9)65%;<!D:4%'!'89:!)=!*:'!-8A)&!-)34%'!IG!(%8*=)&-2!:87'!(&)9'5$&'2!46!(%89'!*)!29&''6!8((2<!*:'!(&)9'22!42!6)*!+UU^!=84%!28='@!E))?%'!&'()&*'5%;!&'-)7'5!-)&'!*:86!gU!-8%494)$2!8((2!=&)-!4*2!065&)45!8((!2*)&'!46!JU++@!G4*$8*4)62!*:8*!8&'!'2('948%%;!586?'&)$2!467)%7'!8((&)7'5!28='!8((2!*:8*!8&'!*:'6!:4A89C'5!865!-85'!*)!46=%49*!:8&-@!!!!!!/6!&'2()62'!*)!*:'2'!*:&'8*2<!/.!5'(8&*-'6*2!*8C'!8!6$-3'&!)=!89*4)62@!,)-(./0!&'2'8&9:!=)$65!eg^!)=!)&?864Y8*4)62!D4*:!2*8==!$246?!-)34%'!5'749'2!-8658*'!(8229)5'2!*)!$6%)9C!*:'!(:)6'!)&!*83%'*@!.:42!42!8!?))5!=4&2*!2*'(!82!%)6?!82!$2'&2!87)45!3'46?!*))!)374)$2@!R'2'8&9:'&!V864'%!0-4*8;!)=!Z4?!Z&)*:'&!,8-'&8!G'9$&4*;!868%;Y'5!)7'&!JQU<UUU!(8229)5'2!865!=)$65!*:8*!+O@O^!)=!(8229)5'2!467)%7'!+U!9)-3468*4)62<!D4*:!n+JMO<1!nUUUU<1!nJQXU<1!865!n++++1!*:'!-)2*!9)--)6!(46!9:)49'2@!!V#"(<+&7+.$-(%0&7%-,%+:(+)&(2&T)+&
eg^! P8229)5'2!OU^! N69&;(*4)6!)=!58*8!)6!*:'!5'749'!MM^! R'S$4&46?!*:'!IG!865!8((2!8&'!$(!*)!58*'!D4*:!(8*9:'2<!'*9@!Jg^! V428%%)D46?!hA84%3&'8C46?i!)=!*:'!IG! !JQ^! F2'!)=!8!2'&749'!=)&!*&89C46?!865`)&!D4(46?!8!%)2*!5'749'!!I$*245'!)=!(8229)5'2<!='D!)&?864Y8*4)62!:87'!4-(%'-'6*'5!D:8*!D)$%5!3'!9)6245'&'5!8!9)-(&':'6247'!-)34%'!2'9$&4*;!2*&8*'?;@!!!! !
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! Jg!
02!/.!5'(8&*-'6*2!2*&47'!*)!2'9$&'!9)&()&8*'!58*8!865!'65!$2'&2!($2:!=)&!2*&8*'?4'2!*:8*!:'%(!469&'82'!(&)5$9*474*;!865!9)67'64'69'<!4*!D4%%!3'!9:8%%'6?46?!*)!=465!2)%$*4)62!*:8*!(%'82'!8%%!(8&*4'2@!H86;!3$246'22'2!=''%!*:8*!*:';!8&'!9$&&'6*%;!2*&4C46?!8!?))5!38%869'!cOO^d<!3$*!9%'8&%;!*:42!42!86!422$'!*:8*!&'S$4&'2!9)%%83)&8*4)6!3'*D''6!*:)2'!*&;46?!*)!2'*!2'9$&4*;!()%49;!865!*:)2'!*&;46?!*)!?'*!*:'!-)2*!$2'!)$*!)=!-)34%'!5'749'2@!
1#)(%(#2&A-:,2(3,%(#2)&P,<,2.(2:&V#"(<+&7+.$-(%0&O++9)&B)H&?#-@+-&O++9)&
OO^! G*&4C'!*:'!&4?:*!38%869'!3'*D''6!-)34%'!2'9$&4*;!865!*:'!6''52!)=!D)&C'&2!MW^! K'86!*)D8&52!-868?46?!-)34%'!2'9$&4*;!&42C2!8*!*:'!'>('62'!)=!D)&C'&!6''52!+O^! K'86!*)D8&52!D)&C'&!-)34%4*;!6''52!8*!*:'!'>('62'!)=!-868?46?!2'9$&4*;!&42C2!M^! V)6o*!C6)D!!#)&!/.!2)%$*4)6!(&)745'&2!865!7'65)&2<!-)34%4*;!&'(&'2'6*2!8!24?64=4986*!3$246'22!)(()&*$64*;<!3$*!4*!42!6)*!D4*:)$*!9:8%%'6?'2@!,%'8&%;!*:'&'!42!8!6''5!8-)6?!'65!$2'&2!*)!3'**'&!$65'&2*865!3'2*!(&89*49'2!46!-)34%'!5'749'!-868?'-'6*@!.:'!58*8!2$??'2*2!'65!$2'&2!:87'!8!&'82)683%;!2)%45!?&82(!)=!-)34%'!2'9$&4*;!*:&'8*2<!3$*!$6=)&*$68*'%;<!*:8*!8%)6'!42!)=*'6!6)*!'6)$?:!*)!2($&!=4&-2!*)!8$*)-8*498%%;!469&'82'!*:'4&!467'2*-'6*!46!(&)5$9*2!)&!2'&749'2!*)!3)%2*'&!*:'4&!5'='62'2@!!!0%)6?!D4*:!-)34%4*;<!-86;!9$2*)-'&2!8&'!8%2)!D)&C46?!*)!?&82(!*:'!4-(%498*4)62!)=!9%)$5!9)-($*46?<!34?!58*8<!2)948%!6'*D)&C46?<!$64=4'5!9)--$6498*4)62<!3$246'22!(&)9'22!8$*)-8*4)6!865!8!:)2*!)=!)*:'&!*'9:6)%)?;B5&47'6!9:86?'2!*:8*!-8;!8=='9*!*:'-@!/.!2)%$*4)6!(&)745'&2!865!7'65)&2!-)2*!D4%%46?!*)!'-3&89'!*:'!.&$2*'5!05742)&!&)%'<!D:49:!-8;!-'86!289&4=4946?!2:)&*B*'&-!?8462!46!=87)&!)=!8!%)6?B*'&-!&'%8*4)62:4(<!D4%%!3'!3'2*!()24*4)6'5!*)!2$99''5@!!!!#)&!-)34%'!2'9$&4*;<!*:42!*&862%8*'2!*)!:'%(46?!9$2*)-'&2!$65'&2*865!*:'4&!9$&&'6*!865!=$*$&'!6''52!46!*:'!8&'82!)="!
• H)34%'!V'749'!H868?'-'6*!cHVHd!• H)34%'!G'9$&4*;!G)=*D8&'!• ,%)$5!G;6946?!G'&749'2!• H)34%'!j4&*$8%4Y8*4)6!• ,$&8*'5!0((!G*)&'2!
!!
!
!
!
!
!
!
!
!
www.comptia.org
RE
SE
AR
CH
INFORMATION SECURITY TRENDS
N I N T H A N N U A L • F E B R U A R Y 2 0 1 2
S E C T I O N 4 : S E C U R I T Y P R O C E S S E S A N D P R O C E D U R E S
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! Je!
/+0&1#(2%)&
• .:&''!S$8&*'&2!)=!)&?864Y8*4)62!&'()&*!:8746?!8!D&4**'6!2'9$&4*;!()%49;!46!(%89'@!.:42!42!24?64=4986*%;!-)&'!*:86!*:'!QQ^!D:)!&'()&*'5!:8746?!8!D&4**'6!()%49;!46!(%89'!46!JU+U<!8!()24*47'!24?6!-)&'!)&?864Y8*4)62!:87'!'-3&89'5!8!-$%*4B(&)6?'5!2'9$&4*;!2*&8*'?;@!I&?864Y8*4)62!*:8*!(%89'!8!:4?:!(&4)&4*;!)6!2'9$&4*;!8&'!-)&'!%4C'%;!*)!:87'!8!D&4**'6!()%49;!46!(%89'!*:86!*:)2'!D:'&'!2'9$&4*;!42!8!-'54$-!)&!%)D!(&4)&4*;!cXU^!72@!gM^d@!0554*4)68%%;<!)&?864Y8*4)62!*:8*!:87'!9)6=45'69'!46!*:'4&!5'='62'2!8&'!-)&'!%4C'%;!*)!:87'!8!D&4**'6!()%49;!46!(%89'@!!!
• ,)-(864'2!6''5!*)!*&846!'-(%);''2!865!'6=)&9'!*:'!4-(%'-'6*8*4)6!)=!2'9$&4*;!()%494'2@!V8*8!=&)-!*:42!2*$5;!465498*'2!*:8*!*:'!-846!&'82)6!=)&!8!2'9$&4*;!3&'89:!8**&43$*'5!*)!:$-86!'&&)&!D82!*:'!=84%$&'!)=!'65B$2'&2!*)!=)%%)D!2'9$&4*;!(&)9'5$&'2!865!()%494'2<!D4*:!QU^!)=!*:'!&'2()65'6*2!&8*46?!4*!82!8!9)6*&43$*46?!=89*)&@!#)&-8%4Y46?!2'9$&4*;!()%494'2!*:8*!855&'22!*:&'8*2!&'2$%*46?!=&)-!*:'!469&'8246?!-4>!)=!('&2)68%!865!3$246'22!*'9:6)%)?4'2!c4@'@!2-8&*(:)6'2!865!2)948%!6'*D)&C2d!865!85'S$8*'%;!*&84646?!'-(%);''2!*)!=)%%)D!*:'2'!()%494'2!986!24?64=4986*%;!&'5$9'!*:'!%4C'%4:))5!)=!2'9$&4*;!3&'89:'2@!&
• H$%*4B5'(8&*-'6*!467)%7'-'6*!46!=)&-$%8*46?!2'9$&4*;!()%494'2!42!'2('948%%;!*&$'!=)&!%8&?'&!)&?864Y8*4)62!D4*:!XJ^!)=!%8&?'!9)-(864'2!6)*46?!*:8*!2'9$&4*;!()%49;!=)&-$%8*4)6!42!8!A)46*!'==)&*<!9)-(8&'5!*)!gQ^!)=!2-8%%!9)-(864'2!D:)!2845!4*!D82!8!A)46*!'==)&*@!/6!9)-(864'2!D:'&'!2'9$&4*;!42!8!:4?:!(&4)&4*;<!3$246'22!865!/.!*'8-2!D)&C!*)?'*:'&!*)!=)&-$%8*'!8!()%49;@&&
• H)2*!=4&-2!&'()&*!*&89C46?!2'9$&4*;!'=='9*47'6'22!46!2)-'!D8;@!#4=*;!B=47'!('&9'6*!28;!*:8*!*:';!$2'!2'9$&4*;!-'*&492!8%4?6'5!D4*:!3$246'22!)3A'9*47'2!865!+M^!28;!*:'4&!-'*&492!8&'!*'9:6498%!46!68*$&'@!&
&
&
&
&
&
&
&
&
&
&
&
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! JX!
&
>'+&*#<+&=#-8#-,%+&7+.$-(%0&1#<(.(+)&
!/6!&'2()62'!*)!D45'2(&'85!9;3'&2'9$&4*;!*:&'8*2<!82!5'*84%'5!46!012"/,&6$A$(&5$=$)=!*:42!&'()&*<!)&?864Y8*4)62!'-(%);!8!6$-3'&!)=!28='?$8&52@!.:'!2*8658&5!2'9)65!(4%%8&!)=!5'='62'2!42!*:'!9)&()&8*'!2'9$&4*;!()%49;@!/6!8554*4)6!*)!*:'!54&'9*!3'6'=4*2!*)!*:'!)&?864Y8*4)6<!2'9$&4*;!()%494'2!(&)745'!4654&'9*!3'6'=4*2!46!5'-)62*&8*46?!5$'!54%4?'69'!*)!9$2*)-'&2<!2:8&':)%5'&2<!&'?$%8*)&2!865!)*:'&!2*8C':)%5'&2@!a'%%!*:)$?:*!)$*!865!'>'9$*'5!()%494'2!865!(&)9'5$&'2!9)67';!*)!)$*245'&2!8!2*&$9*$&'5!865!(&)89*47'!8((&)89:!*)!2'9$&4*;!L!86!4-()&*86*!'%'-'6*!)=!58-8?'!9)6*&)%!2:)$%5!8!3&'89:!)99$&@!!!!!V8*8!=&)-!,)-(./012!!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56!2*$5;!2:)D2!*:8*!*:&''!S$8&*'&2!)=!)&?864Y8*4)62!&'()&*!:8746?!8!D&4**'6!2'9$&4*;!()%49;!46!(%89'@!.:42!42!24?64=4986*%;!-)&'!*:86!*:'!QQ^!D:)!&'()&*'5!:8746?!8!D&4**'6!()%49;!46!(%89'!46!JU+U<!8!()24*47'!24?6!-)&'!)&?864Y8*4)62!:87'!'-3&89'5!8!-$%*4B(&)6?'5!2'9$&4*;!2*&8*'?;@!!.:42!2*$5;!545!6)*!?)!46*)!5'*84%!)6!*:'!2('94=492!)=!*:)2'!D4*:!()%494'2<!3$*!4*12!822$-'5!*:';!&86?'!=&)-!38249!*)!'>*'6247'@!G)-'!&'2()65'6*2!%4C'%;!2''!*:'!'-(%);''!-86$8%<!D:49:!-8;!9)6*846!86!899'(*83%'!$2'!()%49;!9)7'&46?!9)-(86;!(&)('&*;<!5)$3%46?!82!8!2'9$&4*;!()%49;@!.:42!-8;!'>(%846!2)-'!)=!*:'!78&4869'!46!2'9$&4*;!()%49;!&8*'2<!2$9:!82!*:'!%)D'&!46945'69'!&'()&*'5!3;!G;-86*'9!8-)6?!GHZ2@!!T)*!2$&(&4246?%;<!)&?864Y8*4)62!*:8*!(%89'!8!:4?:!(&4)&4*;!)6!2'9$&4*;!8&'!-)&'!%4C'%;!*)!:87'!8!D&4**'6!()%49;!46!(%89'!*:86!*:)2'!D:'&'!2'9$&4*;!42!8!-'54$-!)&!%)D!(&4)&4*;!cXU^!72@!gM^d@!0554*4)68%%;<!)&?864Y8*4)62!*:8*!:87'!9)6=45'69'!46!*:'4&!5'='62'2!8&'!-)&'!%4C'%;!*)!:87'!8!D&4**'6!()%49;!46!(%89'@!!!
!!!!!!!!!!!!!!!!!!!!!!!
!"#$
%&#$
'#$
()*$+,-$$./-0/1$-)$$2304-0$4$$5)6728$9))/$
:09*$$;4<0$4$$5)6728$$
()*$4/1$$/)$564/9$$
!"#$%&'()$*)+$,-".&/0)1/-$%')2"3&.4)"))5%&6/.)7/89%&'():$;&8()&.):;"8/)
./2710/20$)=$>02,37-8$?)6728$+8$@73A$>7B0C$)<"%4/)=%,0)>)?@A)!/B&9,)=%,0)>)CDA)7,";;)=%,0)>)@EA)
Source: CompTIA’s 9th Annual Information Security Trends study F"0/G)HEE)IJ7J)KL)".B)F90&./00)MN/89O3/0)%/0-$.0&P;/)*$%)0/89%&'()
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! JW!
,)-(864'2!5)!6)*!A$2*!6''5!*)!(&)89*47'%;!5'7'%)(!()%494'2!*)!2'9$&'!46=)&-8*4)6!865!*:)2'!5'8%46?!D4*:!4*!3$*!8%2)!6''5!*)!*&846!'-(%);''2!865!'6=)&9'!*:'!4-(%'-'6*8*4)6!)=!2'9$&4*;!()%494'2@!V8*8!=&)-!*:42!2*$5;!465498*'2!*:8*!*:'!-846!&'82)6!=)&!8!2'9$&4*;!3&'89:!8**&43$*'5!*)!:$-86!'&&)&!D82!*:'!=84%$&'!)=!'65B$2'&2!*)!=)%%)D!2'9$&4*;!(&)9'5$&'2!865!()%494'2<!D4*:!QU^!)=!*:'!&'2()65'6*2!&8*46?!4*!82!8!9)6*&43$*46?!=89*)&@!.:4&*;B646'!('&9'6*!)=!&'2()65'6*2!()46*!*)!*:'!=84%$&'!)=!/.!2*8==!*)!=)%%)D!'2*83%42:'5!2'9$&4*;!(&)*)9)%2!82!*:'!&'82)6!=)&!8!2'9$&4*;!3&'89:!98$2'5!3;!:$-86!'&&)&@!!
0!2$&7';!)=!WWU!'65!$2'&2!9)65$9*'5!3;!*:'!2'9$&4*;!=4&-!074&8!&'4*'&8*'5!*:42!9)69'&6!865!2:)D'5!*:8*!MQ^!5)!6)*!9)6245'&!4*!4-()&*86*!*)!=)%%)D!2'9$&4*;!()%494'2!865!Jg^!3'%4'7'!*:8*!2'9$&4*;!42!*:'!/.!5'(8&*-'6*`2;2*'-!85-4642*&8*)&12!9)69'&6@!V'2(4*'!*:'!($3%494*;!*:8*!2'9$&4*;!3&'89:'2!?'*<!-86;!'-(%);''2!8&'!)=*'6!*))!'6?&)22'5!46!*:'4&!A)32!865!5'85%46'2!*)!&'-'-3'&!()%494'2@!!!.:'&'!42!8%2)!*:'!=89*!*:8*!-)2*!9)-(864'2!(&)745'!86!)7'&74'D!)=!()%494'2!D:'6!86!'-(%);''!42!:4&'5!865!42!5'%$?'5!3;!8!%)*!)=!46=)&-8*4)6!)6!()%494'2!865!(&)9'5$&'2!865!42!$6%4C'%;!*)!&'*846!*:'!46=)&-8*4)6!)6!8!2('94=49!()%49;!=)&!%8*'&!$2'@!!!H)&')7'&<!=)&-8%4Y46?!2'9$&4*;!()%494'2!*:8*!855&'22!*:&'8*2!&'2$%*46?!=&)-!*:'!469&'8246?!-4>!)=!('&2)68%!865!3$246'22!*'9:6)%)?4'2!c4@'@!2-8&*(:)6'2!865!2)948%!6'*D)&C2d!865!85'S$8*'%;!*&84646?!'-(%);''2!*)!=)%%)D!*:'2'!()%494'2!986!24?64=4986*%;!&'5$9'!*:'!%4C'%4:))5!)=!2'9$&4*;!3&'89:'2@!0!9)&()&8*'!46=)&-8*4)6!2'9$&4*;!()%49;!'62$&'2!9)6=45'6*48%4*;<!46*'?&4*;!865!8784%834%4*;!)=!58*8!46!86!'674&)6-'6*!D:'&'!(:;2498%!3)$658&4'2!:8&5%;!-8**'&!865!46=)&-8*4)6!42!469&'8246?%;!54?4*4Y'5@!E47'6!*:8*!*:'!58*8!=&)-!*:42!2*$5;!2:)D2!*:8*!:$-86!'&&)&!42!8!24?64=4986*!9)6*&43$*)&!*)!2'9$&4*;!3&'89:'2<!*:'!4-()&*869'!)=!8!()%49;!=&8-'D)&C!9866)*!3'!$65'&'2*4-8*'5@!!!/.!2)%$*4)6!(&)745'&2!865!7'65)&2!*:8*!)7'&%))C!*:'!()%49;!865!*&84646?`'5$98*4)6!'%'-'6*!)=!*:'4&!2'9$&4*;!)=='&46?2!&$6!*:'!&42C!)=!2*)((46?!2:)&*!)=!8!=$%%;!28*42=4'5!9$2*)-'&@!T)*!*)!-'6*4)6<!*:'!-422'5!3$246'22!)(()&*$64*4'2!865!%);8%*;!822)948*'5!D4*:!8!%)6?B*'&-!*&$2*'5!85742)&!&'%8*4)62:4(@!!&
& &
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! MU!
7+.$-(%0&1#<(.0&M<+6+2%)&
!/69&'8246?%;<!46=)&-8*4)6!2'9$&4*;!42!74'D'5!82!-)&'!*:86!A$2*!86!/.!422$'<!3$*!&8*:'&!8!3$246'22!422$'<!&'S$4&46?!8%4?6-'6*!D4*:!*:'!2*&8*'?49!54&'9*4)6!)=!*:'!9)-(86;@!.:42!8((&)89:!986!3'!2''6!46!:)D!9)&()&8*'!2'9$&4*;!()%494'2!8&'!6)D!=)&-$%8*'5@!.:'!58*8!465498*'2!24?64=4986*!9)%%83)&8*4)6!3'*D''6!/.!865!3$246'22!'>'9$*47'2!46!5'7'%)(46?!9)&()&8*'!2'9$&4*;!()%494'2@!!H$%*4B5'(8&*-'6*!467)%7'-'6*!42!'2('948%%;!*&$'!=)&!%8&?'&!)&?864Y8*4)62!D4*:!XJ^!)=!%8&?'!9)-(864'2!6)*46?!*:8*!2'9$&4*;!()%49;!=)&-$%8*4)6!42!8!A)46*!'==)&*<!9)-(8&'5!*)!gQ^!)=!2-8%%!9)-(864'2!D:)!2845!4*!D82!8!A)46*!'==)&*@!/*!2*8652!*)!&'82)6!*:8*!46!8!?&'8*'&!(&)()&*4)6!)=!9)-(864'2!D:'&'!2'9$&4*;!42!8!:4?:!(&4)&4*;<!3$246'22!865!/.!*'8-2!D)&C!*)?'*:'&!*)!=)&-$%8*'!8!()%49;@!.:'!JU++!G*&8*'?49!G'9$&4*;!G$&7';!9)65$9*'5!3;!/6=)&-8*4)6!a''C!8%2)!=)$65!?&)D46?!467)%7'-'6*!)=!3$246'22!'>'9$*47'2!46!*:'!=)&-$%8*4)6!)=!2'9$&4*;!()%49;@!!Z$246'22!'>'9$*47'!467)%7'-'6*!46!2'9$&4*;!()%49;!=)&-$%8*4)6!42!'2('948%%;!9&4*498%!46!*:'!8&'82!)=!&'?$%8*)&;!9)-(%4869'!865!'2*83%42:46?!8!9%'8&!54294(%468&;!(8*:D8;!=)&!()%49;!74)%8*4)62@!!.)!3'!'=='9*47'!8!2'9$&4*;!()%49;!6''52!*)!3'!$65'&2*86583%'<!&'8%42*49<!9)6242*'6*<!'6=)&9'83%'<!9)--$6498*'5!'=='9*47'%;<!&'74'D'5!8*!&'?$%8&!46*'&78%2!865!=%'>43%'@!,)-(./0!58*8!2:)D2!*:8*!9)-(864'2!*&;!*)!2*&4C'!*:'!38%869'!3'*D''6!-868?46?!&42C2!865!-''*46?!*:'!6''52!)=!D)&C'&2@!#)&!'>8-(%'<!=)&!-)34%'!5'749'2<!OO^!)=!9)-(864'2!3'%4'7'!*:';!:87'!2*&$9C!*:'!&4?:*!38%869'!D:'6!4*!9)-'2!*)!-)34%4*;!6''52!)=!'-(%);''2!865!*:'!2'9$&4*;!&'S$4&'-'6*2!)=!*:'!'6*'&(&42'@!!
& &
!"#$%&'()*+,&#()-+%.$,/0+1)&2)31#%"/2&14,()/)-$1#0+1)+5)6$2&1"22)/17)38)
!"#$%&'()*+,&#()-+%.$,/0+1) 23")45")+6)7"'%)'+)855"55)!"#$%&'()9:"#0;"1"55)
!+$%#"9):+.;83<=2!"#$!%&&'()!*&+,-.(/,&!012'-3#4!5-1&67!2'$7()6/2"9)>??)@A!A)38)+%)6$2&1"22)"B"#$0C"2)%"2;+12&D,")5+%)2"#$%&'()
<=>)
?>)
@A>)
B2)C)D$5&1"55)9E"#5)
IT Only
Business Execs Only
FF> )@2")2"#$%&'()."'%)/,&41"7)E&'F)D$2&1"22)+DG"#0C"2)
)<G> )@2")'"#F1&#/,)2"#$%&'()
."'%)))=> )@2")2+.")+'F"%)'(;")+5)
."'%))<H> )31)'F");%+#"22)+5)
7"C",+;&14)2"#$%&'()."'%)
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! M+!
.:'!G0TG!/62*4*$*'<!8!9))('&8*47'!&'2'8&9:!865!'5$98*4)6!)&?864Y8*4)6<!(&)745'2!8!6$-3'&!)=!$2'=$%!2'9$&4*;!()%49;!*'-(%8*'2!865!'>8-(%'2"!:**("``DDD@2862@)&?`2'9$&4*;B&'2)$&9'2`()%494'2`!!/69%$546?!'-'&?46?!8&'82<!2$9:!82"!H)34%'!G'9$&4*;!P)%49;"!:**("``DDD@2862@)&?`2'9$&4*;B&'2)$&9'2`()%494'2`-)34%'@(:(!!&
!))+))(2:&%'+&M44+.%(B+2+))&7+.$-(%0&7,4+:$,-9)&,29&7%-,%+:(+)&
!.:'!858?'<!h/=!;)$!986!6)*!-'82$&'!4*<!;)$!986!6)*!4-(&)7'!4*<i!42!8!9)69'(*!*:'!28774'2*!)=!)&?864Y8*4)62!*8C'!*)!:'8&*@!02!6)*'5!46!*:'!(&'74)$2!9:8&*<!-)2*!=4&-2!&'()&*!*&89C46?!2'9$&4*;!'=='9*47'6'22!46!2)-'!D8;@!#&)-!86!/.!5'(8&*-'6*!('&2('9*47'<!-'*&492!-8;!:'%(!-8C'!*:'!982'!=)&!8554*4)68%!467'2*-'6*2!46!2'9$&4*;!D:'6!9)-('*46?!=)&!298&9'!3$5?'*!5)%%8&2@!#&)-!*:'!('&2('9*47'!)=!3$246'22!'>'9$*47'2<!-'*&492!-8;!:'%(!*)!(&)745'!4624?:*!46*)!*:'!&42C!(&)=4%'!)=!*:'!)&?864Y8*4)6!865!3'**'&!'683%'!%'85'&2!*)!=$%=4%%!*:'4&!?)7'&6869'!5$*4'2@!I6!*:'!RI/!=&)6*<!-'*&492!?$45'!5'9424)62!46!:)D!*)!8%%)98*'!&'2)$&9'2!46!*:'!8&'82!)=!2'9$&4*;!*'9:6)%)?;<!()%49;!865!*&84646?@!!!0*!*:'!-)2*!38249!%'7'%<!2'9$&4*;!-'*&492!-8;!2*8&*!D4*:!&'()&*46?!=&)-!86*4B74&$2!2)=*D8&'<!2$9:!82!*:'!6$-3'&!)=!-8%D8&'!*:&'8*2!98$?:*<!S$8&86*46'5!)&!9%'86'5@!.:42!*;('!)=!58*8!42!*'9:6498%!46!68*$&'!865!899)&546?!*)!,)-(./0!&'2'8&9:<!+M^!)=!)&?864Y8*4)62!&'%;!(&4-8&4%;!)6!*:42!822'22-'6*!)=!2'9$&4*;!'=='9*47'6'22@!!Z'98$2'!2'9$&4*;!:82!3'9)-'!-$9:!-)&'!9)-(%'>!*:86!24-(%;!5'='6546?!*:'!('&4-'*'&!748!86*4B74&$2!2)=*D8&'<!-86;!)&?864Y8*4)62!&'S$4&'!8!3&)85'&!2'*!)=!-'82$&'2@!G)-'!'>8-(%'2!469%$5'"!!
B /.!2*8==!&'2()62'!*4-'!*)!2'9$&4*;!46945'6*2!B G;2*'-!5)D6*4-'!5$'!*)!2'9$&4*;!46945'6*2!B H)6'*8&;!78%$'!)=!%)22!)=!2*8==!*4-'!)&!(&)5$9*474*;!5$'!*)!2'9$&4*;!46945'6*2!B .4-'!3'*D''6!&'%'82'!)=!(8*9:'2!865!462*8%%8*4)6!B T$-3'&!)=!:'%(5'2C!*49C'*2!*:8*!8&'!2'9$&4*;!&'%8*'5!B T$-3'&!)=!/.!2*8==!865!'65!$2'&2!*:8*!:87'!9)-(%'*'5!2'9$&4*;!*&84646?!B T$-3'&!)=!:)%'2!)&!7$%6'&834%4*4'2!45'6*4=4'5!3;!('6'*&8*4)6!*'2*46?!B T$-3'&!)=!(:42:46?!'-84%2!*:8*!?'*!*:&)$?:!86*4B2(8-!'==)&*2!B ,)$6*!)=!6$-3'&!)=!2'624*47'!58*8!=4%'2!=)$65!)6!9)-($*'&2!)&!2'&7'&2!D:'&'!*:';!2:)$%561*!3'!B T$-3'&!)=!58*8!%)22!46945'6*2!)99$&&46?!=&)-!2*8==!2:8&46?!748!2)948%!-'548!
!0-)6?!*:'!QQ^!)=!)&?864Y8*4)62!D4*:!2'9$&4*;!-'*&492!8%4?6'5!D4*:!3$246'22!)3A'9*47'2<!)6%;!JX^!&'()&*!*:'!-'*&492!)6!8!&'?$%8&!38242<!2$9:!82!S$8&*'&%;!)&!866$8%%;@!.:42!4-(%4'2!*:8*!D:4%'!-86;!)&?864Y8*4)62!9%84-!*)!:87'!8!2;2*'-!46!(%89'!=)&!*&89C46?!2'9$&4*;!-'*&492<!8!()&*4)6!)=!*:'2'!=4&-2!8&'!5)46?!2)!)6!86!85!:)9!38242<!D:49:!%4-4*2!*:'!78%$'!)=!3'46?!83%'!*)!9)66'9*!2'9$&4*;!-'*&492!*)!3$246'22!)3A'9*47'2!865`)&!89*46?!)6!*:'!-'*&492@!
V8*8!=&)-!*:'!W*:!066$8%!/6=)&-8*4)6!G'9$&4*;!.&'652!G*$5;!8%2)!2:)D2!*:8*!)&?864Y8*4)62!D4*:!8!=)&-8%<!D&4**'6!2'9$&4*;!()%49;!8&'!-)&'!%4C'%;!*)!78%$'!*&84646?!865!=)%%)D!-)&'!=)&-8%!(&)9'22'2!)=!9'&*4=498*4)6!D:'6!9)-(8&'5!*)!*:)2'!*:8*!5)61*!:87'!8!=)&-8%!()%49;@!
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! MJ!
E-(B+-)&=#-8#-,%+&7+.$-(%0&1#<(.0&=',2:+)!!/-(&)7'-'6*2!*)!8!2'9$&4*;!()%49;!8&'!%8&?'%;!&'89*47'!865!8&'!)=*'6!8!&'2()62'!*)!8!3&'89:!'>('&4'69'5!46*'&68%%;!cMU^d<!3'98$2'!)=!86!46945'6*!*:8*!:82!:8(('6'5!'%2'D:'&'!cO+^d!)&!*)!9)-(%;!D4*:!&'?$%8*4)62!cMe^d@!I*:'&!&'82)62!*:8*!-)*478*'!9:86?'2!8&'!&'9)--'658*4)62!=&)-!8!2'9$&4*;!9)62$%*86*!cOU^d!865!7$%6'&834%4*4'2!5429)7'&'5!3;!)$*245'!(8&*4'2!cJW^d@!.:'!46($*!)=!2'9$&4*;!9)62$%*86*2!42!-)&'!)=!8!=89*)&!46!%8&?'!865!-'54$-!24Y'5!)&?864Y8*4)62@!!!G)-'!)=!*:'!89*4)62!*8C'6!46!&'2()62'!*)!46945'6*2!)&!(&)89*47'%;!8&'!%42*'5!46!*:'!9:8&*!3'%)D@!K8&?'!)&?864Y8*4)62!8&'!-)&'!%4C'%;!*)!:87'!$65'&*8C'6!&'74'D2!)=!2;2*'-2<!2'&7'&2!865!=4&'D8%%2!865!$(58*'5!2*8==!*&84646?!D:'6!9)-(8&'5!*)!2-8%%!865!-'54$-!24Y'5!'6*'&(&42'2@!T)*!2$&(&4246?%;!)&?864Y8*4)62!D:'&'!2'9$&4*;!42!8!(&4)&4*;!:87'!*8C'6!-)&'!)=!*:'2'!89*4)62!D:'6!9)-(8&'5!*)!*:)2'!D:)!&8*'!2'9$&4*;!82!8!-'54$-`%)D!(&4)&4*;@!!!
!
I6'!'>8-(%'!)=!)&?864Y8*4)62!&'=4646?!*:'4&!2'9$&4*;!()%49;!46!&'2()62'!*)!&42C2!2*'-2!=&)-!*:'!(&)*&89*'5!865!5''(!&'9'224)6@!099)&546?!*)!,)-(./0!58*8!=&)-!JU+U<!MO^!)=!F@G@!3$246'22'2!3'%4'7'5!*:'!46*'&68%!2'9$&4*;!*:&'8*!8*!*:'4&!)&?864Y8*4)6!469&'82'5!82!8!&'2$%*!)=!*:'!54==49$%*!'9)6)-49!*4-'2@!K8;)==2<!%)D!-)&8%'!865!5'2('&8*4)6!-8;!%'85!)*:'&D42'!:)6'2*!'-(%);''2!*)!9&)22!*:'!%46'@!.:'!?&'8*'2*!9)69'&6!98-'!=&)-!5'(8&*46?!'-(%);''2!:8746?!C6)D%'5?'!)=!%)?462<!899'22!()46*2!865!)*:'&!7$%6'&834%4*4'2!cMQ^d<!=)%%)D'5!3;!*:'!&42C!*)!(&)(&4'*8&;!58*8<!9)5'!)&!)*:'&!46*'%%'9*$8%!(&)('&*;!cJW^d@!H)&'!*:86!:8%=!)=!)&?864Y8*4)62!$(58*'5!cJW^d!)&!(%866'5!*)!$(58*'!cMU^d!*)!*:'4&!2'9$&4*;!()%49;!46!&'2()62'!*)!*:8*!422$'@!N7'6!*:)$?:!*:'!58*8!D82!9)%%'9*'5!46!JU+U<!*:'!&42C!42!A$2*!82!(&'78%'6*!*)58;@!!
!"#$%&'()*+%',%'-+&.$%&+'/$')'0+"12,/3'4%",5+%/672+)"8''
!"#
$$"#
%&"#
'&"#
'("#
)'"#
)*"#
+,"#
+'"#
9$%+'$:'/8+');$<+''
-+<,+=+5'.2$"+&&'/$';2,%>'+?.+2/',%''
-+<,+=+5'4%/21&,$%'@+/+"#$%'03&/+A''
-+<,+=+5'1.5)/+5'>$<+2%)%"+':2)A+=$2*'
-+<,+=+5'+?/+2%)B'<1B%+2);,B,/3')&&+&&A+%/&''
-+<,+=+5'.2$"+&&':$2',%&/)BB,%>'&+"12,/3'1.5)/+&'
-+<,+=+5'&/)C'&+"12,/3'/2),%,%>''
-+<,+=+5'&+"12,/3'.$B,"3'
-+<,+=+5'"$%D>12)#$%'$:'&3&/+A&''
Source: CompTIA’s 9th Annual Information Security Trends study 7)&+E'500'FG0G'4(')%5'71&,%+&&'H?+"1#<+&'2+&.$%&,;B+':$2'&+"12,/3'
-./0#102.345#1678#$%#/398:7#
www.comptia.org
RE
SE
AR
CH
INFORMATION SECURITY TRENDS
N I N T H A N N U A L • F E B R U A R Y 2 0 1 2
S E C T I O N 5 : T H E R O L E O F S E C U R I T Y T R A I N I N G A N D C E R T I F I C AT I O N
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! MM!
/+0&1#(2%)&
• R'?8&5%'22!)=!:)D!*:'!46=)&-8*4)6!2'9$&4*;!%865298('!9:86?'2<!*:'!:$-86!=89*)&!&'-8462!*:'!)6'!9)62*86*!=89*)&@!!,)-(./012!58*8!=)$65!*:8*!O+^!)=!)&?864Y8*4)62!&'()&*!-)5'&8*'!)&!24?64=4986*!5'=494'694'2!46!2'9$&4*;!'>('&*42'!8-)6?!*:'4&!/.!2*8==@!!,)69'&6!42!'2('948%%;!:4?:!D4*:!462$==494'6*!2'9$&4*;!'>('&*42'!82!4*!&'%8*'2!*)!D'324*'2!865!8((%498*4)62@!T'*D)&C2<!2'&7'&2!865!)*:'&!46=&82*&$9*$&'!8&'!-'6*4)6'5!82!D'%%<!3$*!8*!8!2%4?:*%;!%)D'&!&8*'@!!!
• ,)-(./012!&'2'8&9:!465498*'2!83)$*!OU^!)=!(&)='224)68%2!5'7'%)('5!*:'4&!2C4%%2!(&4-8&4%;!*:&)$?:!'>('&4'69'<!D:4%'!JM^!&'%4'5!:'874%;!)6!=)&-8%!*&84646?`'5$98*4)6@!.:'!-455%'!Mg^!94*'5!3)*:!'S$8%%;@!0-)6?!*:)2'!D4*:!5'=494'694'2!46!2)-'!8&'8!)=!2'9$&4*;<!*:'!?&'8*'2*!6$-3'&!)=!&'2()65'6*2!3'%4'7'!-)&'!*&84646?`'5$98*4)6!42!6''5'5!*)!855&'22!*:'!2:)&*9)-46?2@!G-8%%'&!=4&-2!8(('8&!*)!:87'!8!2*&)6?'&!6''5!=)&!=)&-8%!*&84646?`'5$98*4)6!*:86!%8&?'&!=4&-2!cQX^!72@!MW^d@!!!
• I6!87'&8?'<!)&?864Y8*4)62!&'()&*!3'46?!83)$*!MU^!2:)&*!)=!:'859)$6*!5'7)*'5!*)!2'9$&4*;@!F6=)&*$68*'%;<!46!*:'!&'8%!D)&%5!)=!h5)!-)&'!D4*:!%'22<i!-)2*!9)-(864'2!8&'!=)&9'5!*)!)('&8*'!8*!%'22!*:86!)(*4-8%!2*8==46?!%'7'%2@!k4&46?!46*'6*!=)&!2'9$&4*;!(&)='224)68%2!42!)6!*:'!&42'<!82!Og^!)=!)&?864Y8*4)62!24?68%!*:'4&!46*'6*!*)!:4&'!2'9$&4*;!2('948%42*2!)7'&!*:'!6'>*!*D)!;'8&2@!.:42!9)$%5!3'!9:8%%'6?46?!*:)$?:!?47'6!*:'!'>('&4'69'!)=!*:)2'!*:8*!:87'!8%&'85;!8**'-(*'5!*)!:4&'!2'9$&4*;!2('948%42*2@!
!• H)&'!*:86!X!46!+U!)&?864Y8*4)62!=)&-8%%;!)&!46=)&-8%%;!$2'!2'9$&4*;!9'&*4=498*4)62!82!8!-'862!*)!
78%458*'!'>('&*42'@!I&?864Y8*4)62!74'D!9'&*4=4'5!2*8==!82!86!46*'?&8%!(8&*!)=!*:'4&!2'9$&4*;!8((8&8*$2@!.:'!78%458*4)6!(&)745'5!3;!9'&*4=498*4)6!42!'745'6*!3;!*:'!:4?:!%'7'%!)=!8?&''-'6*!*)!9'&*4=4'5!2*8==!3'46?!-)&'!78%$83%'!*)!*:'!)&?864Y8*4)6<!:8746?!(&)7'6!'>('&*42'!865!*:'!3'%4'=!*:8*!*:'!)&?864Y8*4)6!42!-)&'!2'9$&'!3'98$2'!)=!*:'!(&'2'69'!)=!9'&*4=4'5!2*8==!
!!!
!
!
!
!
!
!
!
!
!
&
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! MO!
!))+))6+2%&5>&7%,44!!R'?8&5%'22!)=!:)D!*:'!46=)&-8*4)6!2'9$&4*;!%865298('!9:86?'2<!)6'!9)62*86*!D4%%!8%D8;2!&'-846!L!*:'!:$-86!=89*)&@!02!9)7'&'5!46!012"/,&$A!)=!*:42!&'()&*<!)&?864Y8*4)62!94*'!())&!5'9424)62!3;!2*8==!82!8!9)6*&43$*46?!=89*)&!46!-86;!2'9$&4*;!46945'6*2@!G)-'!)=!*:'2'!())&!5'9424)62!2*'-!=&)-!*:'!=84%$&'!*)!=)%%)D!9)-(86;!2'9$&4*;!()%494'2<!3$*!)*:'&2!8&'!8!54&'9*!&'2$%*!)=!462$==494'6*!*&84646?@!!!099)&546?!*)!*:'!,)-(./0!58*8<!O+^!)=!)&?864Y8*4)62!&'()&*!-)5'&8*'!)&!24?64=4986*!5'=494'694'2!46!2'9$&4*;!'>('&*42'!8-)6?!*:'4&!/.!2*8==@!!,)69'&6!42!'2('948%%;!:4?:!D4*:!462$==494'6*!2'9$&4*;!'>('&*42'!82!4*!&'%8*'2!*)!D'324*'2!865!8((%498*4)62@!T'*D)&C2<!2'&7'&2!865!)*:'&!46=&82*&$9*$&'!8&'!-'6*4)6'5!82!D'%%<!3$*!8*!8!2%4?:*%;!%)D'&!&8*'@!!!/6*'&'2*46?%;<!2-8%%'&!=4&-2!&8*'!*:'4&!/.!2*8==21!%'7'%!)=!'>('&*42'!D4*:!2'9$&4*;!8*!83)$*!*:'!28-'!&8*'2!82!%8&?'&!=4&-2!cgO^!)=!%8&?'!=4&-2!&8*'!*:'4&!/.!2*8==!82!:8746?!*:'!8((&)(&48*'!%'7'%!)=!'>('&*42'!72@!QQ^!=)&!2-8%%!=4&-2d@!!
!!!!&
&
!"#$"%&"'()*$#+*,-$."/01-(2"3045(#26"7810(,.0"9*1.":;-$)"<="32*>"
!"#$%&'()*+(,")-$.()('/$01$2/34&*56$
78$
798$
:;8$
<="32*>"2*')*<3()5=6">/<3*/)5"#$"3045(#26"7810(,.0""
?@8$ ?(#;*(#@6"#$AB-5.0"C6")0$0(*@"<=".2*>"
?@8$ ?(#;*(#@6"#$AB-5.0"C6"D0D#4*20D"<=".045(#26".2*>"
@8$ ?(#;*(#@6"-52.-5(40D"
3-5(40E"F-;1=<:G.!"#$!%&&'()!*&+,-.(/,&!012'-3#4!5-1&67!.25D6"H*.0E"I&&"JK3K"<="-("H5.#$0.."08045,L0."M*N*"0$D"5.0(.O"
:8$ P6C(#D"*11(-*4B"Q"1*(,*@@6"#$AB-5.0"R"1*(,*@@6"-52.-5(40D""
98$ '2B0("<="32*>"B*.":11(-1(#*20"S0L0@"-T"3045(#26"7810(,.0"
<="32*>"."A/&(5/=6">/<3*/)5"#$"3045(#26"7810(,.0""
B(,)'$"C$01$25(D$2/34&*56$EFG/&,-/$
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! MQ!
568-#B(2:&7+.$-(%0&MW8+-%()+&
!.:'!5'38*'!3'*D''6!*:'!&)%'!)=!'>('&4'69'!865!*:'!&)%'!)=!'5$98*4)6!46!2:)&*!865!%)6?B*'&-!('&=)&-869'!42!(&)383%;!82!)%5!82!*:'!D)&C(%89'!865!29:))%2!*:'-2'%7'2@!,%'8&%;<!3)*:!h%'8&646?!3;!5)46?i!865!=)&-8%!*&84646?`'5$98*4)6!9)6*&43$*'!*)!2$99'22<!865!;'*<!*:'4&!D'4?:*46?2!986!78&;!24?64=4986*%;@!G)-'!)99$(8*4)62!:87'!:4?:!'5$98*4)68%!38&&4'&2!*)!'6*&;!c*:46C!*:'!%'?8%!)&!-'5498%!(&)='224)6d@!.'9:6)%)?;<!)6!*:'!)*:'&!:865<!42!8!6)*83%'!'>8-(%'!)=!D:'&'!54=='&'6*!9)-3468*4)62!)=!)6B*:'BA)3!*&84646?<!=)&-8%!'5$98*4)6!865!/.B2('94=49!9&'5'6*48%2!986!3'!%'7'&8?'5!=)&!98&''&!2$99'22@!#'D!2'9*)&2!986!&478%!*'9:6)%)?;!46!*:'!6$-3'&!)=!9)%%'?'!5&)(B)$*2!*:8*!D'6*!)6!*)!5)!8-8Y46?!*:46?2!cG*'7'
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! Mg!
I6!87'&8?'<!)&?864Y8*4)62!&'()&*!3'46?!83)$*!MU^!2:)&*!)=!:'859)$6*!5'7)*'5!*)!2'9$&4*;@!#)&!'>8-(%'<!8!9)-(86;!D4*:!+U!/.!2*8==!=)9$2'5!)6!46=)&-8*4)6!2'9$&4*;<!D)$%5!45'8%%;!%4C'!*)!:87'!+M!2*8==!=)&!)(*4-8%!('&=)&-869'@!F6=)&*$68*'%;<!46!*:'!&'8%!D)&%5!)=!h5)!-)&'!D4*:!%'22<i!-)2*!9)-(864'2!8&'!=)&9'5!*)!)('&8*'!8*!%'22!*:86!)(*4-8%!2*8==46?!%'7'%2@!!!T)6'*:'%'22<!:4&46?!46*'6*!=)&!2'9$&4*;!(&)='224)68%2!42!)6!*:'!&42'<!82!Og^!)=!)&?864Y8*4)62!24?68%!*:'4&!46*'6*!*)!:4&'!2'9$&4*;!2('948%42*2!)7'&!*:'!6'>*!*D)!;'8&2@!!!.:42!9)$%5!3'!9:8%%'6?46?!*:)$?:!?47'6!*:'!'>('&4'69'!)=!*:)2'!*:8*!:87'!8%&'85;!8**'-(*'5!*)!:4&'!2'9$&4*;!2('948%42*2@!#)&*;!('&9'6*!)=!=4&-2!46!*:42!24*$8*4)6!&'()&*'5!54==49$%*;!46!=46546?!2'9$&4*;!2('948%42*2!D4*:!*:'!&4?:*!-4>!)=!'>('&*42'!865!'>('&4'69'<!6)*!2$&(&4246?!?47'6!*:'!-86;!:8*2!2'9$&4*;!(&)='224)68%2!-$2*!D'8&@!R'=%'9*46?!*:42!2:)&*8?'<!R)3'&*!k8%=!.'9:6)%)?;!(&)A'9*2!28%8&4'2!=)&!58*8!2'9$&4*;!868%;2*2!D4%%!469&'82'!g^!46!JU+J<!6'**46?!9)-('628*4)6!)=!fXW<UUU!B!f+J+<QUU@!!&!
!!.:'!%)6?'&B*'&-!)$*%))C!=)&!2'9$&4*;!'-(%);-'6*!*&89C2!9%)2'%;!D4*:!*:'!)7'&8%%!2'9$&4*;!*&'65@!0!JU++!c/G,d!J!E%)38%!/6=)&-8*4)6!G'9$&4*;!a)&C=)&9'!G*$5;!9)65$9*'5!3;!#&)2*!q!G$%%4786!'2*4-8*'5!*:8*!*:'!6$-3'&!)=!2'9$&4*;!(&)='224)68%2!D)&%5D45'!D4%%!?&)D!8*!8!9)-()$65!866$8%!?&)D*:!&8*'!)=!+M@J^<!&'89:46?!O@JO!-4%%4)6!(&)='224)68%2!3;!JU+Q@!.:42!2*$5;!45'6*4=4'5!*:&''!8&'82!D:'&'!2:)&*8?'2!)=!'>('&*42'!9)$%5!3'!'2('948%%;!(&)6)$69'5"!46=)&-8*4)6!&42C!-868?'-'6*<!8((%498*4)62!865!2;2*'-2!5'7'%)(-'6*!2'9$&4*;!865!54?4*8%!=)&'62492@!!
!"#$%&'()"*+,$%-."*%/'%0()1'2,%34,+1%5,671+/#%5+/7"8'*%92,1%:,;/%3<'%=,"1$%
!"#
$%"#
&%"#
'$"#
97/$'716,%('1,%'>%/4,%$,671+/#%>7*68'*%/'%?,?+6"/,?%03%$,671+/#%@1($%
A+1,%)1'2,*%$,671+/#%$),6+".+$/$%
&'(B+*"8'*%'>%4+1+*C%$,671+/#%$),6+".+$/$%"*?%/1"+*+*C%,;+$8*C%$/"D%
31"+*%"*?E'1%6,18>#%,;+$8*C%$/"D%/'%+()1'2,%/4,+1%,;),18$,%+*%$,671+/#%
Source: CompTIA’s 9th Annual Information Security Trends study F"$,G%HII%JK5K%03%"*?%F7$+*,$$%L;,6782,$%1,$)'*$+B.,%>'1%$,671+/#%
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! Me!
>'+&*#<+&=+-%(4(.,%(#2)&!!H)&'!*:86!X!46!+U!)&?864Y8*4)62!=)&-8%%;!)&!46=)&-8%%;!$2'!2'9$&4*;!9'&*4=498*4)62!82!8!-'862!*)!78%458*'!'>('&*42'@!0!(&4)&!,)-(./0!2*$5;<!B.>),31-$@1-21>"/,&6$,+$*4$4-(/&/&:$(&5$;1-"/+/2("/,&6<!9)6=4&-2!*:8*!3)*:!:4&46?!-868?'&2!865!kR!('&2)66'%!=89*)&!9'&*4=498*4)62!46*)!*:'!822'22-'6*!(&)9'22!)=!A)3!9865458*'2@!!I&?864Y8*4)62!74'D!9'&*4=4'5!2*8==!82!86!46*'?&8%!(8&*!)=!*:'4&!2'9$&4*;!8((8&8*$2@!.:'!78%458*4)6!(&)745'5!3;!9'&*4=498*4)6!42!'745'6*!3;!*:'!:4?:!%'7'%!)=!8?&''-'6*!*)!9'&*4=4'5!2*8==!3'46?!-)&'!78%$83%'!*)!*:'!)&?864Y8*4)6<!:8746?!(&)7'6!'>('&*42'!865!*:'!3'%4'=!*:8*!*:'!)&?864Y8*4)6!42!-)&'!2'9$&'!3'98$2'!)=!*:'!(&'2'69'!)=!9'&*4=4'5!2*8==!c2''!9:8&*!)6!=)%%)D46?!(8?'d@!!!02!'>('9*'5<!*:'&'!42!8!9)&&'%8*4)6!3'*D''6!)&?864Y8*4)62!*:8*!:87'!8!=)&-8%!()%49;!*)D8&52!*:'!$2'!)=!9'&*4=498*4)6!865!*:'!78%$'!8224?6'5!*)!9'&*4=498*4)62@!0%2)<!*:)2'!D:)!:87'!3''6!*:'!*8&?'*!)=!8!?&'8*'&!6$-3'&!)=!2'9$&4*;!3&'89:'2!=465!?&'8*'&!78%$'!46!:8746?!9'&*4=4'5!'-(%);''2@!!!!
!
!
!
!
!!!!!!!!!!!!!!!!!!
!!!
!"#$%&'("#)*"+,#-%.-/%0/12')3$%4/'+51"+,#-%3,%6"7)8"3/%03"9%:;</'+-/%
!"#$
%&#$
'&#$
=,%>,'?"7%,'%)#>,'?"7%<,-)+,#%3,@"'8-%3A/%2-/%,>%-/12')3$%
1/'+51"+,#-%
B#>,'?"77$%C%#,3%'/D2)'/8E%F23%G"72/8%"#8%/#1,2'"(/8%
H,'?"77$%C%1/'+51"+,#-%'/D2)'/8%>,'%1/'3")#%-3"9%
Source: CompTIA’s 9th Annual Information Security Trends study I"-/J%KLL%.M0M%BN%"#8%I2-)#/--%:;/12+G/-%'/-<,#-)F7/%>,'%-/12')3$%
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! MX!
!!"#$%&'"(%!)*+,'"-%.),/0*#/123%4')&)5%#3%
61,)%4#7+#87)%"1%"()%9,:#2';#/12%
!"#$
%&#$
!'#$
()#$
<=>%
?@>%
A@>%
<=>%
.),/0)5%3"#$%B),C1,D%#"%#%(':(),%7)E)7%"(#2%212F*),/0)5%3"#$%
G()%1,:#2';#/12%'3%D1,)%3)*+,)%5+)%"1%*),/0)5%3"#$%
.),/0)5%3"#$%(#E)%B,1E)2%)HB),/3)%
.),/0)5%3"#$%#,)%D1,)%E#7+#87)%"1%"()%1,:#2';#/12%
Source: CompTIA’s 9th Annual Information Security Trends study I#3)J%K@@%LM!M%NG%#25%I+3'2)33%OH)*+/E)3%,)3B123'87)%C1,%3)*+,'"-%
*+,--$./,01+23$*+,--$
456$*+,--$
PQ>%
PR>%
P<>%
RQ>%
!"#
!!"#
$%"#
&%"#
$!"#
!"#$%&'$()%*+,-.)#%&'-+/0-+1$23-+)4+5-*(%#+67-"+5"$&%&%#+/)+8)%9":+;%)<2-=#-+>$&%*+
6+%-/+'&"+)4+)"#$%&'$()%*+$#"--+/0$/+&/?*+&:@)"/$%/+/)+()*(#+,)-#(-+././0#/)+.)%9":+A%)<2-=#-+#$&%*+
B-.3"&/C+8-"(9.$()%*+0$D-+123#456#
B-.3"&/C+8-"(9.$()%*+0$D-+7.08#
456#
B-.3"&/C+8-"(9.$()%*+
0$D-+92:)-+()#456#
6+%-/+%&"#)4+)"#$%&'$()%*E+F-2&-D-+*-.3"&/C+.-"(9.$()%*+;2*.<=)#456##
B/")%#2C+6#"--+
6#"--+
B)3".-G+8):@5H6?*!"#$!%&&'()!*&+,-.(/,&!012'-3#4!5-1&67!*/3=C+I$*-G+JKL+MNBN+)"#$%&'$()%*+<&/0+$+4)":$2+)"+&%4)":$2+@)2&.C+/)<$"=*+/0-+3*-+)4+H5+.-"(9.$()%*+
!
!"#$%&&'()$*&+,-.("/,&$012'-/"3$4-1&56$0"'53"!#$%%!&'()&*!! MW!
Z'98$2'!2'9$&4*;!42!3&)85!=4'%5<!D4*:!*'9:6498%<!%'?8%<!2*&8*'?49!865!-868?'&48%!82('9*2<!6)!246?%'!9'&*4=498*4)6!986!()2243%;!28*42=;!8%%!6'9'228&;!2C4%%!2'*2@!Z'%)D!42!8!28-(%46?!)=!*:'!-86;!2'9$&4*;!&'%8*'5!9'&*4=498*4)62!8784%83%'!*)58;"!!
• ,'&*4=4'5!N*:498%!k89C'&!c,Nkd!• ,'&*4=4'5!/6=)&-8*4)6!G'9$&4*;!H868?'&!c,/GHd!• ,'&*4=4'5!/6=)&-8*4)6!G;2*'-2!G'9$&4*;!P&)='224)68%!c,/GGPd!• ,'&*4=498*'!)=!,%)$5!G'9$&4*;!\6)D%'5?'!c,,G\d!• ,)-(./0!G'9$&4*;_!• ,)-(./0!057869'5!G'9$&4*;!P&89*4*4)6'&!c,0GPd!• ,;3'&G'9$&4*;!#)&'6249!068%;2*!c,G#0d!• E%)38%!/6=)&-8*4)6!022$&869'!,'&*4=498*4)6!cE/0,d!• j'65)&!9'&*4=498*4)62!2$9:!82!,429)12!,'&*4=4'5!T'*D)&C!022)948*'!,'&*4=498*4)6!c,,T0d<!
H49&)2)=*12!,'&*4=4'5!G;2*'-2!N6?46''&!cH,GNd!*:8*!:87'!8!2'9$&4*;!9)-()6'6*!!H8((46?!2'9$&4*;!A)3!&)%'2!865!98&''&!(8*:2!*)!9'&*4=498*4)62!:82!3''6!8!?)8%!)=!9'&*4=;46?!3)54'2<!*:'!(&478*'!2'9*)&!865!?)7'&6-'6*!8?'694'2!=)&!2)-'!*4-'@!I6'!&'9'6*!'==)&*!=&)-!*:'!T8*4)68%!/64*48*47'!=)&!,;3'&2'9$&4*;!N5$98*4)6!cT/,Nd<!86!'>*'624)6!)=!*:'!F@G@!?)7'&6-'6*!T8*4)68%!/62*4*$*'!)=!G*8658&52!q!.'9:6)%)?;<!42!*:'!,;3'&2'9$&4*;!a)&C=)&9'!#&8-'D)&C@!!
.:'!=&8-'D)&C!45'6*4=4'2!2'7'6!:4?:B%'7'%!98*'?)&4'2!)=!9;3'&2'9$&4*;<!8%)6?!D4*:!5'=464*4)62<!C';!A)3!&)%'2<!2C4%%2!865!28-(%'!)99$(8*4)6!*4*%'2@!!:**("``92&9@642*@?)7`649'`=&8-'D)&C`5)9$-'6*2`T/,NB,;3'&2'9$&4*;Ba)&C=)&9'B#&8-'D)&CB(&46*83%'@(5=!!
+@ 7+.$-+<0&1-#B()(#2!o ,)69'(*$8%4Y'2<!5'24?62!865!3$4%52!2'9$&'!/.!2;2*'-2<!D4*:!&'2()62434%4*4'2!=)&!2)-'!82('9*2!
)=!*:'!2;2*'-2o!5'(8&*-'6*@!IH A8+-,%+&,29&V,(2%,(2&
o P&)745'2!2$(()&*<!85-4642*&8*4)6!865!-846*'6869'!6'9'228&;!*)!'62$&'!'=='9*47'!865!'==494'6*!/.!2;2*'-2!('&=)&-869'!865!2'9$&4*;@!
JH 1-#%+.%&,29&E+4+29&
o #$&642:'2!45'6*4=498*4)6<!868%;242!865!-4*4?8*4)6!)=!*:&'8*2!*)!46*'&68%!/.!2;2*'-2!865!6'*D)&C2@!
KH 52B+)%(:,%+&
o R'2()6243%'!=)&!*:'!467'2*4?8*4)6!)=!9;3'&!'7'6*2!865`)&!9&4-'2!)=!/.!2;2*'-2<!6'*D)&C2!865!54?4*8%!'745'69'@!
LH A8+-,%+&,29&=#<<+.%&
o 099)$6*83%'!=)&!*:'!:4?:%;!2('948%4Y'5!9)%%'9*4)6!)=!9;3'&2'9$&4*;!46=)&-8*4)6!*:8*!-8;!3'!$2'5!*)!5'7'%)(!46*'%%4?'69'@!
XH !2,<03+&
o R'2()6243%'!=)&!:4?:%;!2('948%4Y'5!&'74'D!865!'78%$8*4)6!)=!469)-46?!9;3'&2'9$&4*;!46=)&-8*4)6!*)!5'*'&-46'!4*2!$2'=$%6'22!=)&!46*'%%4?'69'@!
YH 7$88#-%&
o P&)745'2!2$(()&*!2)!*:8*!)*:'&2!-8;!'=='9*47'%;!9)65$9*!*:'4&!9;3'&2'9$&4*;!D)&C@!!
!
www.comptia.org
© 2011 CompTIA Properties, LLC, used under license by CompTIA Member Services, LLC. All rights reserved. All membership activities and o!erings to members of CompTIA, Inc. are operated exclusively by CompTIA Member Services, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names
mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. Jan 2012 2773-US
