Avoiding reputation damage to the organization was viewed as a top priority for security programs by three-quarters of information security professionals surveyed in a worldwide study published this week by (ISC)2.

‘The 2008 Global Information Security Workforce Study’ was conducted by analyst firm Frost & Sullivan on behalf of (ISC)2. It surveyed 7,548 information security professionals, including over 1,500 'C-suite' executives and security managers, as well as IT and other professionals with responsibility for information security, from companies and public sector organizations in more than 100 countries. Respondents came from the three major regions of the world: Americas (41 percent); Asia-Pacific (34 percent); and Europe, Middle East and Africa (EMEA) (25 percent). Web-based surveys were distributed to targeted information security respondents worldwide in the third quarter of 2007.

Pressure over data loss and compliance has driven accountability for information security to the executive level, with 49 percent of information security professionals reporting to executive management or boards of directors. Other study highlights include:

- Information security is moving beyond the perimeter and becoming more data-focused, protecting data both at rest and in transit, with wireless security solutions, cryptography, storage security and biometrics represented in the top five technologies being deployed in most regions.

- Information security awareness is appreciated as a significant factor in effective information security management: users following information security policy was identified as the most important factor in a security professional's ability to protect the organization. In addition, 51 percent of respondents identified internal employees as the biggest threat to their organizations.

- Respondents reported that information security spending on personnel remained stable in the Americas and EMEA in 2007 compared to 2006. In contrast, Asia-Pacific respondents anticipated an increase in information security spending across the board.

- Almost 60 percent of respondents with less than 10 years of experience reported an expected increase in training budgets over the next year, often to get up to speed on emerging technologies and threats. More than half of respondents in operational roles expected an increase.

- Top training topics included security administration, application and systems security, business continuity and disaster recovery planning, privacy, and information risk management.

To download a copy of the study, please visit www.isc2.org/workforcestudy

•Date: 23rd April 2008• Region: World •Type: Article •Topic: ISM
Rate this article or make a comment - click here