Critical Skills Gap Also Found in (ISC)2-Sponsored, Frost & Sullivan Study of More than 10,000 Information Security Professionals Worldwide
HONG KONG, Feb. 18, 2011 /PRNewswire-Asia/ -- A study based on a survey of more than 10,000 information security professionals worldwide finds that a growing number of technologies being widely adopted by businesses are challenging information security executives and their staffs, potentially endangering the security of government agencies, corporations and consumers worldwide over the next several years.
Conducted by Frost & Sullivan, the 2011 (ISC)2® Global Information Security Workforce Study (GISWS) says new threats stemming from mobile devices, the cloud, social networking and insecure applications, as well as added responsibilities such as addressing the security concerns of customers, have led to "information security professionals being stretched thin, and like a series of small leaks in a dam, the current overworked workforce may be showing signs of strain."
Conducted on behalf of (ISC)2, the not-for-profit global leader in educating and certifying information security professionals throughout their careers, the study also shows a severe gap in skills needed industry-wide. Information security professionals admitted they needed better training yet reported in significant numbers that many of these technologies are already being deployed without security in mind.
"In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around," said Robert Ayoub, global program director - network security for Frost & Sullivan. "Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide.
"We can reduce the risks, however, if we invest now in attracting high-quality entrants to the field and make concurrent investments in professional development for emerging skills. As the study finds, these solutions are underway, but the question remains whether enough new professionals and training will come soon enough to keep global critical infrastructures in the private and public sectors protected."
"The good news from this study is that information security professionals finally have management support and are being relied upon and compensated for the security of the most mission-critical data and systems within an organization," added Ayoub. "The bad news is that they are being asked to do too much, with little time left to enhance their skills to meet the latest security threats and business demands."
Other key findings from the study include:
"With the increasing demand for information security professional due to security threats, we need to change our approach to global cyber security to address the skills gaps revealed by the study," said Dr Lee Jae-woo, co-chair for the (ISC)2 Asian Advisory Board and Fellow of (ISC)2. "Especially in Asia, we see the career opportunities are growing. In order to fill the gap of professional demands, we urge industry, government, academia and the profession to collaborate to attract a new generation of highly qualified information security talent while supporting current professionals to help them address the latest threats."
Likely the largest study of the information security profession ever conducted, 10,413 information security professionals from companies and public sector organizations from around the world were surveyed in the fall of 2010, including 61 percent in the Americas, 22.5 percent in Europe, the Middle East and Africa, and 16.5 percent in Asia Pacific. Forty-five percent were from organizations with over 10,000 employees.
The average experience of respondents worldwide was more than nine years, while five percent of respondents held executive titles such as Chief Information Security Officer. Additionally, Frost & Sullivan supplemented the analysis with its other primary data sources and methods.
The objective of the GISWS, the fifth study sponsored by (ISC)2 since 2004, is to provide meaningful research about the information security profession to industry stakeholders, including professionals, corporations, government agencies, academia, and hiring managers.
The full study can be found here: https://www.isc2.org/workforcestudy/Default.aspx.
About (ISC)2
(ISC)2 is the largest not-for-profit membership body of certified information security professionals worldwide, with nearly 75,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSPÒ) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLPÒ), Certified Authorization Professional (CAPÒ), and Systems Security Certified Practitioner (SSCPÒ) credentials to qualifying candidates. (ISC)2's certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its CBK®, a compendium of information security topics. More information is available at www.isc2.org.
© 2011, (ISC)2 Inc. (ISC)2, CISSP, CSSLP, ISSAP, ISSMP, ISSEP, CAP, SSCP and CBK are registered marks of (ISC)2, Inc.
Contact:
Kitty Chung
(ISC)2 Asia-Pacific
Tel: +852-3520-4001
Email: kchung@isc2.org