Information security professionals are now more highly regarded, and are moving up the corporate ladder towards the board, according to a survey by analyst firm IDC.
The survey was conducted on behalf of the International Information Systems Security Certification Consortium, known as (ISC)2. The organisation educates and certifies information security professionals worldwide.
The report shows that the shift in accountability is likely to continue as information security becomes more relevant in risk management and IT governance strategies. It also found that security is becoming operationalised within organisations as they attempt to align both their business and security strategies with the goal of establishing a comprehensive information risk management programme.
The majority of respondents - 73% - expect their influence with executives and the board of directors to increase in the coming 12 months, as dialogue between corporate executives and information security professionals evolves from a technical security discussion to one of risk management strategies.
Other highlights from the report show that nearly 21% - or 29% of those in the EMEA region - say their CEO is now ultimately responsible for security. The areas where organisations are investing in security are wireless security, identity and access management, business continuity, and security event or information management.
Meanwhile, the market looks good for those seeking to work in the information security field. IDC estimates the number of security professionals worldwide in 2005 to be 1.4 million, a 9% increase over 2004. This figure is expected to increase to more than 1.9 million by 2009.
To download the study, visit www.isc2.org/workforcestudy.
There’s little doubt that with the claustrophobic reliance on compliance, allied to the increasing sophistication of threats, information security professionals are critical to reducing companies’ risk management. A higher corporate profile – and even recompense – should now be expected.