Responsibility for IT security appears to be devolving
away from the IT department, according to research to be published
at this week's RSA Security Conference in Vienna.
A survey of 4,200 IT security professionals worldwide was
conducted by IDC and security certification body ISC2.
Among European security professionals the research revealed that
25% report to the IT department, and a further 25% report to a
separate information security department.
For the first time the survey has found security professionals
reporting directly to the board of directors (7%), with a further
16% reporting to the executive management team. Others reported to
finance, operations, risk management departments and even to
independent consultants.
The research also found IT security professionals were earning
between £35,000 and £60,000.
More than 33% of IT security professionals felt their influence
on executive management would increase over the next 12 months, as
security and compliance issues increasingly enter board
agendas.
The trend is putting pressure on IT security professionals to
develop business and communication skills alongside their technical
expertise, said Sarah Bohne, director at ISC2.
"The information security community is starting to realise that
the only way they are going to be successful and get the budgets
they need is if they speak to owners using business language and
business terms. There is a new level of awareness about that," she
said.
The research showed that selling security to top management and
dealing with internal company politics were among the most
time-consuming areas of security professionals' jobs.
Despite this, ISC2 said employers were failing to give security
professionals the training in softer
business and communications skills they need to liaise with
colleagues.
Most security professionals in the UK are highly educated, with
41% having a master's degree or equivalent. Twenty-five per cent
said it was their company's policy to only employ professionally
certified security staff.
Although security budgets have risen annually in Europe, most
security staff predicted their budgets would remain static next
year.