Avoiding reputation damage to the organization was viewed as a top priority for security programs by three-quarters of information security professionals surveyed in a worldwide study launched today by (ISC)2(R) ("ISC-squared"), the non-profit global leader in educating and certifying information security professionals throughout their careers.
LONDON (Business Wire EON) April 22, 2008 --
Avoiding reputation damage to the organization was viewed as a top
priority for security programs by three-quarters of information security
professionals surveyed in a worldwide study launched today by (ISC)2®
(“ISC-squared”),
the non-profit global leader in educating and certifying information
security professionals throughout their careers.
The 2008 Global Information Security Workforce Study (“GISWS”)
was conducted by analyst firm Frost & Sullivan on behalf of (ISC)².
It surveyed 7,548 information security professionals, including over
1,500 ‘C-suite’
executives and security managers, as well as IT and other professionals
with responsibility for information security, from companies and public
sector organizations in more than 100 countries. Respondents came from
the three major regions of the world: Americas (41 percent);
Asia-Pacific (34 percent); and Europe, Middle East and Africa (“EMEA”)
(25 percent). Web-based surveys were distributed to targeted information
security respondents worldwide in the third quarter of 2007.
“This fourth edition of the study
demonstrates more than ever before that information security has become
a business imperative for organizations of all sizes, with far-reaching
concerns such as corporate reputation, the privacy of customer data,
identity theft, and breach of laws and regulations driving information
security governance,” said Rob Ayoub, Frost &
Sullivan industry manager, network security.
Pressure over data loss and compliance has driven accountability for
information security to the executive level, with 49 percent of
information security professionals reporting to executive management or
boards of directors. Other study highlights include:
-
Smaller organizations (up to 500 employees) accounted for nearly 60
percent of respondents, signifying a move from security as a priority
for mostly larger organizations to organizations of all sizes due to
business requirements and compliance, including the impact of the
payment card industry’s PCI-DSS.
-
A third of respondents said their primary functional responsibilities
are mostly managerial. An additional 48 percent also reported that
their functional responsibilities will be mostly managerial in the
next two to three years, suggesting a changing focus in their roles.
-
Approximately 20 percent of respondents were at the executive (Chief
Information Officer, Chief Information Security Officer, Chief
Security Officer, Chief Risk Officer) or manager level.
-
Communications skills were seen as “very
important” or “important”
by 81 percent of respondents to be a successful professional. Business
skills were also seen as very important or important by 69 percent of
respondents.
-
Information security is moving beyond the perimeter and becoming more
data-focused, protecting data both at rest and in transit, with
wireless security solutions, cryptography, storage security and
biometrics represented in the top five technologies being deployed in
most regions.
-
Information security awareness is appreciated as a significant factor
in effective information security management: Users following
information security policy was identified as the most important
factor in a security professional’s ability
to protect the organization. In addition, 51 percent of respondents
identified internal employees as the biggest threat to their
organizations.
-
Globally, average annual salaries for professionals with at least five
years of experience are reported at US$94,500 for respondents
identifying themselves as members of (ISC)2 and
US$73,856 for all other participants. The majority of (ISC)2
members (70 percent) considered themselves to be information
security professionals; the majority of non-members (66 percent) to be
information technology professionals.
-
The profession is maturing, with average experience levels reported at
9.5 years in the Americas, 7.1 years in Asia-Pacific, and 8.3 years in
EMEA. Professionals across all regions also reported high levels of
post-secondary education.
“This year’s study
acknowledges that effective information security programs enable
businesses to grow and prosper,” said Eddie
Zeitler, CISSP, executive director of (ISC)2. “Consequently,
professionals are being tasked more with the business of security,
managing and consulting on its broad contribution to the business, while
the administration of technical solutions is being integrated into the
IT department.”
Zeitler added, “Opportunities in the
information security field will continue to grow despite slower economic
growth worldwide due to the increased pressure on professionals to
ensure responsible and secure business interactions coming from
consumers, B2B customers, strategic partners and regulatory bodies.”
Frost & Sullivan estimates the number of information security
professionals worldwide to be approximately 1.66 million. This figure is
expected to increase to almost 2.7 million professionals by 2012,
displaying a compound annual growth rate (CAGR) of 10 percent. A strong
outlook is also depicted for professional development in the sector,
with the great majority of respondents expecting either stability or an
increase in training budgets. Other highlights include:
-
Respondents reported that information security spending on personnel
remained stable in the Americas and EMEA in 2007 compared to 2006. In
contrast, Asia-Pacific respondents anticipated an increase in
information security spending across the board.
-
Almost 60 percent of respondents with less than 10 years of experience
reported an expected increase in training budgets over the next year,
often to get up to speed on emerging technologies and threats. More
than half of respondents in operational roles expected an increase.
-
Top training topics included security administration, application and
systems security, business continuity and disaster recovery planning,
privacy, and information risk management.
-
Seventy-eight percent of hiring managers cited certifications as
either “very important”
or “somewhat important.”
While “quality of work”
and “company policy”
were the top reasons given for certification’s
importance, a new reason – “customer
requirement” –
was identified by 33 percent of respondents requiring certifications.
To download a copy of the study, please visit www.isc2.org/workforcestudy.
About (ISC)²
The International Information Systems Security Certification Consortium,
Inc. [(ISC)2®]
is the internationally recognized Gold Standard for certifying
information security professionals. Founded in 1989, (ISC)²
has certified over 58,000 information security professionals in 135
countries. Based in Palm Harbor, Florida, USA, with offices in
Washington, D.C., London, Hong Kong and Tokyo, (ISC)2
issues the Certified Information Systems Security Professional (CISSP®)
and related concentrations, Certification and Accreditation Professional
(CAP®), and Systems
Security Certified Practitioner (SSCP®)
credentials to those meeting necessary competency requirements. All (ISC)²
core certifications – the CISSP, CISSP-ISSEP®,
CISSP-ISSAP®,
CISSP-ISSMP®, SSCP
and CAP – meet the stringent requirements of
ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and
certifying personnel. (ISC)² also offers a
continuing professional education program, a portfolio of education
products and services based upon (ISC)2’s
CBK®, a taxonomy of
information security topics, and is responsible for the annual (ISC)²
Global Information Security Workforce Study. More information is
available at www.isc2.org.
© 2008, (ISC)2 Inc.
(ISC)², CISSP, ISSEP, ISSAP, CAP, SSCP and
CBK are registered marks of (ISC)², Inc.
Trackback URL: http://www.prweb.com/pingpr.php/Q291cC1DcmFzLVBpZ2ctTWFnbi1GYWx1LVplcm8=
|
