Worries over corporate reputation top security pros' concerns
Avoiding reputation damage to the organisation was viewed as the top priority for security programs by around 75 per cent of information security professionals surveyed in a worldwide study by certifier ISC² at InfoSecurity Europe 2008 this week.
The 2008 Global Information Security Workforce Study was conducted by Frost & Sullivan on behalf of ISC². It surveyed 7,548 information security professionals, including over 400 CSOs and CISOs, and other professionals with responsibility for information security, from companies and public sector organisations in more than 100 countries. Respondents came from the three major regions of the world: Americas (41 per cent), Europe, Middle East and Africa (EMEA) (25 per cent), and Asia-Pacific (34 per cent).
This fourth edition of the study emphasises that information security has become a business imperative for organisations, with far-reaching concerns such as corporate reputation, the privacy of customer data (top priority for 70 per cent globally, 69 per cent EMEA), identity theft (high priority for 67 per cent globally, 63 per cent EMEA), and breach of laws and regulations (61 per cent globally, 60 per cent EMEA) motivating information security governance.
Pressure over data loss and compliance has driven accountability for information security to the executive level, with the number of information security professionals reporting to executive management reported at 33 per cent globally, and 40 per cent in EMEA - compared to 21 per cent globally the first year ISC² conducted a similar survey in 2004. Other study highlights include:
- A third of respondents (36 per cent globally, 35 per cent EMEA) said their primary functional responsibilities are mostly managerial, with a higher proportion of respondents (48 per cent globally, 43 per cent EMEA) reporting that their functional responsibilities will be mostly managerial in the next two to three years, suggesting a changing focus for their role.
- Approximately 20 per cent of respondents were at the executive level (chief information officer, chief information security officer, chief security officer, chief risk officer), with 16 per cent (17 per cent in EMEA) reporting directly to the board of directors.
- Information security governance is moving beyond the perimeter and becoming more data-focused, protecting data at rest and in transit with wireless security solutions, cryptography, storage security and biometrics featuring in the top five technologies being deployed in most regions. In EMEA, wireless security solutions, storage security and biometrics were identified as the top three.
- Users following information security policy was identified globally as the most important factor in a security professional's ability to protect the organisation. In addition, 51 per cent (38 per cent EMEA) of respondents identified internal employees as the biggest threat to their organisations.
- The profession is maturing globally, with average experience levels reported at 9.5 years in the Americas, 8.3 years in EMEA, and 7.1 years in Asia-Pacific.
Professionals across all regions also reported high levels of post-secondary education. EMEA had the highest number of respondents with master's and doctoral degrees at 37 per cent (less than 30 per cent in other regions) and 8 per cent, respectively.