Security pros gain ground in the board room

By Bill Brenner, News Writer 08 Dec 2005 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

NEW YORK -- It pays to be a security professional these days, especially if you have one or more certifications under your belt. That's because corporate executives are paying more attention to their security managers in the face of growing online threats.

Framingham, Mass.-based research group IDC reached that conclusion in its 2005 Global Information Security Workforce Study, conducted on behalf of the Palm Harbor, Fla.-based International Information Systems Security Certification Consortium (ISC)². Rolf Moulton, president and CEO of (ISC)², unveiled the findings Wednesday at the Infosecurity Conference & Exhibition.

"Priorities are changing," Moulton said. "We can finally say security is being seen as an enabler -- part of the business process. We see security budgets increasing. We see that [companies] are investing more to educate staff. We see more CEOs taking responsibility" for security threats.

For more information Pre-CISSP: Options for the security newbie CISSP vs. CCISP creating confusion for certification holders

IDC surveyed 4,305 full-time information security professionals in more than 80 countries, and 73% said they expect their influence with executives and the board of directors to increase in the next year. Dialogue among corporate executives and IT security professionals has evolved from a technical security discussion to one of risk management strategies, Moulton said, adding, "This demonstrates that the competency of information security professionals is being recognized as the key to an effective security strategy."

Meanwhile:

• Nearly 21% of respondents said their CEO is taking ultimate responsibility for security, up from 12% in 2004. Those saying that the board of directors is now ultimately responsible for security rose nearly 6% from 2.5% last year.
• For the CIO, security accountability dropped to about 30.5% from approximately 38% in 2004, and rose to 24% from 21% in 2004 for CISO/CSOs.
• Respondents said their companies spend more than 43% of their IT security budgets on personnel, education and training, and expect that to rise considerably in the next year.
• Professionals said there's growing interest in training for business continuity (50.5%), forensics (50.3%) and risk management (48%), all of which factored higher than the demand indicated in 2004.
• More than 60% said they plan to acquire at least one information security certification in the next year.
• IDC estimates the number of security professionals worldwide in 2005 to be 1.4 million, a 9% increase over 2004. The figure is expected to rise to more than 1.9 million by 2009, representing a compounded annual growth rate of 8.5% from 2004 to 2009.

At Wednesday's press conference, Moulton said managers are increasingly interested in hiring certified workers because it indicates more competence and better work quality. They also believe certified workers will have a better grasp on company policy and regulatory compliance.

The findings also showed that hiring managers want people with expertise in wireless security (35%), identity and access management (32%), security event or information management (31%) and intrusion prevention systems (31%), among other things.

Tags: Information Security Jobs and Training,  Information Security Policies, Procedures and Guidelines,  Security Awareness Training and Internal Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Jobs and Training Despite recession, information security certification pay continues to climb Bruce Schneier on outsourcing, awareness training Creating a personal brand in information security Feds push cybersecurity jobs, PCI DSS changes ahead. Feds announce 1,000 new security jobs Some IT security certifications are overvalued, analyst says How to prepare for an information security job interview Security industry remains resilient to tough economy Top social networking sites to boost your information security career Q2 2009 data shows IT security certification pay still climbing Information Security Policies, Procedures and Guidelines Essential guide: Pandemic planning for H1N1 Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar How a corporate Twitter policy can combat social network threats Should enterprises be concerned with Twitter in the workplace? Information security management hype: Debunking best practices Data breach avoidance begins with security basics, panel says Expert: Information security spending often restricts innovation GAO report cites government weaknesses, data leakage Security Awareness Training and Internal Threats Creating a HIPAA employee training program Successful rogue antivirus hinges on social engineering External attacks start with unintentional mistakes, survey finds Security technologies fail to address insider threat management Data breach avoidance begins with security basics, panel says Monitoring program data and internal controls for risk management Software security threats and employee awareness training Twitter risks, Facebook threats trouble security pros Social engineering training could disrupt botnet growth How to write a risk methodology that blends business, security needs

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Cisco Certified Security Professional (CCSP)  (SearchSecurity.com) CSO  (SearchSecurity.com) security clearance  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary