Executives are More Accountable for Information Security

December 8, 2005

The latest study from (ISC)2 shows that information security professionals are gaining influence in the boardroom. Management will spend more than 43 percent of its IT security budget on personnel, education and employee training.

Results of the second annual Global Information Security Workforce Study from the International Information Systems Security Certification Consortium, (ISC)2, reveal that the profession continued to mature and that information security responsibility moved up the management hierarchy. The results also found that security is becoming operationalised within organizations as they attempt to align their business and security strategies with the goal of establishing a comprehensive information risk management program.

“This year, professionals worldwide indicated that information security is now being perceived as a business enabler rather than a business expense, and as a result, they are increasingly being included in strategic discussions with the most senior levels of management,” said Rolf Moulton, president and CEO of (ISC)2.

(ISC)2 expects this accountability shift to grow, as the study shows that 21% of respondents, up from 12%, said their CEO is fully responsible for security, and over 70% of IT security professionals expect their influence with executives and the board of directors to increase.

Moreover, professionals are looking for additional training in business continuity, forensics, and IT risk management, all of which saw higher demand than indicated in 2004. Businesses are planning to invest their security budget in wireless security, identity and access management, business continuity, and security event or information management.

“This year’s study shows that information security has become a critical component of the enterprise. Complex security solutions, regulatory requirements and encroaching threat advances are driving organisations to entrench security strategies and policies and rely on highly educated, highly qualified professionals who must perform an ever-growing list of activities such as threat mitigation, compliance auditing, and proactive security management and monitoring,” said Allan Carey, the IDC analyst who led the study.
