Certification - May 2008 - (Page 24)

INSIDE CERTIFICATION

Study Shows Continuing Demand for Training in Information Security

EDDIE ZEITLER

(ISC)2 has announced the results of its fourth Global Information Security Workforce Study (GISWS). Conducted for (ISC)2 by Frost & Sullivan, a total of 7,548 professionals were surveyed — the largest sampling to date — from North and Latin America; Europe, the Middle East and Africa (EMEA); and Asia Pacific (APAC). Following are some highlights and key demographic data that provide a snapshot of today’s information profession and where it is headed.

One of the most prominent results of the 2008 GISWS is that 70 percent of all respondents reported their own employees are the biggest threat to their organizations’ security. This statistic amplifies the findings of other studies that, contrary to mainstream opinion that effective security involves a series of technology quick fixes to protect your organization from danger “out there,” it’s an organization’s own employees who are both the weakest link and the strongest asset in securing the environment.

Eighty-four percent of the security professionals who responded to the survey noted that preventing damage to their organizations’ reputation was the top priority for their security programs, an understandable sentiment considering the plethora of news coverage of security breaches in recent years. Coming in second and third, respectively, were preventing customer privacy violations and customer identity theft and fraud, in many ways reinforcing the first priority. All three priorities show a world that has changed from asking where the return-on-investment is in security to seeing it as essential to running an organization.

A new trend that emerged from the current GISWS is that the Payment Card Industry Data Security Standard (PCI DSS) compliance mandate appears to be driving small- to medium-sized businesses (SMBs) to require information security staff.
PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures for secure credit card payments. This new trend further demonstrates that the ROI of security professionals is moving down the chain from large corporations to SMBs that, at one time, would never have considered hiring a security administrator.

Some significant changes in the reporting structure were noted in the current GISWS compared to the 2006 study. Most notable was the increased percentage of security professionals who report to executive management. In the 2006 study, only 17 percent of (ISC)2-certified members reported to executive management, while that number rose to more than a quarter of all respondents in the current study. This increase in executive management reporting demonstrates the increased clout that information security professionals have within their organizations.

In accordance with this growing respect for the information security professional’s role, the average annual salary increased for all regions. Worldwide, the average annual salary for respondents who are (ISC)2 members was $92,575 as compared to $80,752 in 2006, an increase of 15 percent. Work experience also played a factor, with 63 percent of (ISC)2 members with more than 15 years of information security experience reporting earning