Information Security Professionals are Gaining Influence in the Board Room
The International Information Systems Security Certification Consortium (ISC)², the non-profit international leader in educating and certifying information security professionals worldwide announced the results of the second annual Global Information Security Workforce Study, conducted by global analyst firm IDC and sponsored by (ISC)². Results revealed the profession continued to mature, and ultimate responsibility for information security moved up the management hierarchy, with more respondents identifying the board of directors and CEO, or a CISO/CSO as being accountable for their company's information security.
IDC expects this accountability shift to continue as information security becomes more relevant in risk management and IT governance strategies. The study also found that security is becoming operationalized within organizations as they attempt to align their business and security strategies with the goal of establishing a comprehensive information risk management program.
The majority of respondents (73%) expects their influence with executives and the board of directors to increase in the coming 12 months, as dialogue between corporate executives and information security professionals has evolved from a technical security discussion to one of risk management strategies.
"This year, professionals worldwide indicated that information security is now being perceived as a business enabler rather than a business expense, and as a result, they are increasingly being included in strategic discussions with the most senior levels of management," said Rolf Moulton, CISSP-ISSMP, president and CEO (interim) of (ISC)². "This demonstrates that the competency of information security professionals is being recognized as the key to an effective security strategy."
IDC analyzed responses from 4,305 full-time information security professionals in more than 80 countries worldwide that had purchasing, hiring and/or management responsibilities, with nearly half employed by organizations with US billion or more in annual revenue. Respondents represent organizations of various sizes from both public and private sectors, different vertical industries, and varying core competencies and skill sets from organizations around the world. Highlights from the 2005 report include:
- Nearly 21% of respondents, up from 12% in 2004, say their CEO is now ultimately responsible for security, while those saying that the board of directors is now ultimately responsible for security rose nearly 6% from 2.5% in 2004. For the CIO, security accountability dropped to about 30.5%, from approximately 38% in 2004 and rose to 24% from 21% in 2004 for CISO/CSOs.
- Organizations spend on average more than 43% of their IT security budgets on personnel, education and training. Overall, respondents are anticipating their level of education and training to increase by 22% over the coming year. Professionals in the Asia-Pacific region were more optimistic, with approximately 40% expecting increased levels of security training and education.
- Professionals are looking for additional training in business continuity (50.5%), forensics (50.3%), and risk management (48%), all of which factored higher than the demand indicated in 2004. Further, more than 60% of respondents indicated that it was their intention to acquire at least one information security certification within the next 12 months.
- Earnings are generally stable compared to 2004. An increase of 4% was reported from respondents in the Americas and in the Asia-Pacific region, respondents earning less than US ,000 rose from 24% last year to more than 26.5%.
- The information security workforce in America appears to be the most mature globally, with 46.6% having more than 10 years of experience, compared to 33.9% in Europe. Within the Asia-Pacific region, less than 25% of information security professionals have yet to be in the profession for more than 10 years. There is a split between Western and Central and Eastern Europe. The percentage of individuals with less than five years of experience in Central and Eastern Europe is twice that of Western Europe (20% vs. 10%), and there are 30% more security professionals with over 10 years of experience in Western Europe than in Central and Eastern Europe.
- More individuals reported attaining a master’s degree or its equivalent (42%) in EMEA, compared with 32% in 2004. Within America, the number increased to 34% from 28% over 2004. A doctorate level or equivalent was reported by 11% of information security professionals worldwide.
The market outlook remains positive for individuals seeking to work in the information security field. IDC estimates the number of security professionals worldwide in 2005 to be 1.4 million, a 9% increase over 2004. This figure is expected to increase to more than 1.9 million by 2009, representing a compounded annual growth rate of 8.5% from 2004 to 2009.
The 2005 Global Information Security Workforce Study was conducted by IDC on behalf of (ISC)² to provide detailed insight into important trends and opportunities within the information security profession. The study provides a clearer understanding of how professionals are compensated, how their organizations view security, and next steps required to advance information security careers and the profession. To download a copy of the study, please visit www.isc2.org/workforcestudy.
*****
Announcement: Attend the Powertips 2006 "Security Secrets and Strategies" conference on March 16, 2006 at the Grand Ballroom of Dusit Hotel Nikko. Tickets are available at all SM TicketNet outlets or call 911-5555. You can also register online at www.infochat.com.ph
For your comments, questions and suggestions, send your email to techtvhost@yahoo.com
|
