Information security professionals are now
more highly regarded, and are moving up the corporate ladder
towards the board, according to a survey by analyst firm
IDC.
The
survey was conducted on behalf of the International Information
Systems Security Certification Consortium, known as (ISC)2. The
organisation educates and certifies information security
professionals worldwide.
The
report shows that the shift in accountability is likely to continue
as information security becomes more relevant in risk management
and IT governance strategies. It also found that security is
becoming operationalised within organisations as they attempt to
align both their business and security strategies with the goal of
establishing a comprehensive information risk management
programme.
The majority of respondents - 73% - expect their influence with
executives and the board of directors to increase in the coming 12
months, as dialogue between corporate executives and information
security professionals evolves from a technical security discussion
to one of risk management strategies.
Other highlights from the report show that nearly 21% - or 29% of
those in the EMEA region - say their CEO is now ultimately
responsible for security. The areas where organisations are
investing in security are wireless security, identity and access
management, business continuity, and security event or information
management.
Meanwhile, the market looks good for those seeking
to work in the information security field. IDC estimates the number
of security professionals worldwide in 2005 to be 1.4 million, a 9%
increase over 2004. This figure is expected to increase to more
than 1.9 million by 2009.
To
download the study, visitwww.isc2.org/workforcestudy
.
There’s little doubt that with the claustrophobic
reliance on compliance, allied to the increasing sophistication of
threats, information security professionals are critical to
reducing companies’ risk management. A higher corporate profile –
and even recompense – should now be expected.