3rd Annual Information Security Workforce Study results

The International Information Systems Security Certification Consortium (ISC)² has published the results of its third annual Global Information Security Workforce Study, conducted by global analyst firm IDC on behalf of (ISC)².

According to more than 4,000 information security professionals in more than 100 countries in the largest study of its kind, the most important elements in effectively securing their organisation’s infrastructure are (in order of importance):

1) Management support of security policies
2) Users following security policy
3) Qualified security staff
4) Software solutions
5) Hardware solutions

According to the study authors, the top three success factors highlight the need for public and private entities to focus more time and attention on policies, processes and people, all areas which have been traditionally overlooked in favour of trusting hardware and software to solve security problems. Survey respondents say that organisations are now beginning to recognise that technology is an enabler, not the solution, for implementing and executing a sound security strategy.

The study also found that responsibility for executing a sound security strategy is being increasingly shared across the organisation, making C-level officers accountable as part of a well-defined and articulated risk management program.

Continuing a trend identified in last year’s study, responsibility for securing information assets is shifting from the chief information officer (CIO) into other areas of senior management and business, including chief executive officer, chief financial officer, chief risk officer and chief information security officer, as well as legal and compliance departments.

“For organisations to proactively secure and protect their infrastructure, information, financial and physical assets requires the unconditional commitment to security at the financial, management and operational levels,” said Allan Carey, program manager at IDC who led the study. “Security management will always require the proper balance between people, policies, processes and technology to effectively mitigate the risks associated with today’s digitally connected business environment.”

IDC analysed responses from 4,016 full-time information security professionals in more than 100 countries, with nearly 40 percent employed by organisations with US$1 billion or more in annual revenue. Respondents came from three major regions of the world: North, Central and South America (57.3 percent), EMEA (Europe, Middle East, Africa) (22.8 percent) and A-P (Asia-Pacific, including Japan) (19.5 percent), and represent organisations of various sizes from both the public and private sectors, different vertical industries, and varying core competencies and skill sets from organisations. Respondents typically had purchasing, hiring and/or management responsibilities.

Other highlights from the 2006 study include:
* IDC estimates the number of information security professionals worldwide in 2006 to be 1.5 million, an 8.1 percent increase over 2005. This figure is expected to increase to slightly more than 2 million by 2010, displaying a compound annual growth rate (CAGR) of 7.8 percent from 2005 to 2010. As a comparison, the projected growth in the number of IT employees globally in the same timeframe is 4.6 percent.

* Common security technologies being implemented by organisations across all regions are biometrics, wireless security, intrusion prevention and forensics tools. Biometrics ranked either No. 1 or 2 across all regions.

* The area of information security risk management has risen to the top as a training priority in both the Americas and EMEA and is No. 2 in Asia Pacific. This will continue for the foreseeable future as organisations struggle to gain control over their risk posture, develop a flexible framework to quickly adapt to new environmental factors, and provide visibility into their greatest risks.

* Overall, organisations are spending a greater percentage of their information security budgets on personnel and training in 2006 than in 2005. Organisations are spending more than 41 percent of their security budgets, on average, on personnel and training to staff projects and support post-deployment management.

To download a copy of the study, please visit www.isc2.org/workforcestudy (registration required).

Date: 26th October 2006 • Region: World • Type: Article • Topic: ISM
Copyright 2006 Portal Publishing Ltd