PoSecCo hits a nerve – key activities in policy and security management need support

147 practitioners and researchers working in the field of policy and security configuration management were surveyed online between December 2011 and March 2012. The main goal of the survey was to check whether the toolset developed within the scope of the PoSecCo project is considered relevant also by individuals beyond the project consortium. The results of the survey clearly indicate that the requirements specified under the guidance of the PoSecCo end-user partners are not only relevant for them but also for a larger group of organizations. The survey participants further reported that they do not feel well supported by software as well as non-software tools when performing the key activities addressed by the PoSecCo toolset. The survey shows that there is considerable potential for increasing the efficiency and effectiveness of policy and security configuration management in practice. The lack of appropriate tool support and the demand for it underline the project’s practical relevance. The results further indicate that auditing IT landscapes spanning across the borders of organizations is among the most challenging issues currently faced in the context of policy and security configuration management and that the importance of addressing it is going to increase within the next years. Heterogeneity of IT landscapes and requirements is considered a factor currently having a particularly strong impact on policy and security configuration management.