IDC Energy Insights Provides Guidelines for Building a Successful Security Culture

FRAMINGHAM, MA, April 16, 2012 – IDC Energy Insights announced today the availability of a new report, Methods and Practices: Understanding the Key Metrics of a Successful Security Culture, (Document # EI233946). The new report provides an analysis of the cybersecurity and information security practices within oil and gas companies. It outlines overarching concerns of IT and operations professionals regarding the implementation of security and risk practices. In addition, the report provides information security professionals with guidelines to create a successful security culture within their organization.

Oil and gas professionals are working diligently to address the security and risk concerns for IT and control systems. However, the emerging threat landscape and evolving cybersecurity guidelines are pushing them to do more, while policy makers are asking oil and gas companies to increase information sharing with the federal entities. In the oil and gas industry, companies operate globally, work with multiple business partners and have oil wells and other assets widely distributed in remote locations. Therefore, creating end-to-end visibility into threats and vulnerability is very challenging. Monitoring and measuring the progress of security is critical in such a demanding environment. Based on conversations with industry professionals, IDC Energy Insights has observed that oil & gas companies are just now starting to assemble the building blocks for a security culture that is based on in-depth visibility and monitoring, critical to meeting current market demands.

"IT and control system groups work in silos," says Usman Sindhu, senior research analyst, Utilities and Oil and Gas, IDC Energy Insights. "Oil and gas professionals are busy tackling security issues for emerging threats; however, they need to improve the processes around incident and event management. In addition, companies are just starting to discuss how security progress can be measured based on metrics such as number of incidents, control system failure, intrusion attempts, and patching failures."

For additional information, or to arrange a one-on-one briefing with Usman Sindhu, please contact Sarah Murray at 781-378-2674 or Reports are available to qualified members of the media. For information on purchasing reports, contact

About IDC Energy Insights

IDC Energy Insights assists energy businesses and IT leaders, as well as the suppliers who serve them, in making more effective technology decisions by providing accurate, timely, and insightful fact-based research and consulting services. Staffed by senior analysts with decades of industry experience, our global research analyzes and advises on business and technology issues facing the utility and oil and gas industries. International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology market. IDC is a subsidiary of IDG, the world’s leading technology, media, research, and events company. For more information, please visit, email, or call 508-935-4400. Visit the IDC Energy Insights Community at