(ISC)2(R) Global Information Security Workforce Study Reveals Asia-Pacific Respondents Anticipate an Increase in Information Security Spending Across the Board
HONG KONG, April 23 /Xinhua-PRNewswire/ -- Avoiding reputation damage to the organization was viewed as a top priority for security programs by nearly three quarters of information security professionals surveyed in a worldwide study launched today by (ISC)2(R) ("ISC-squared"), the non-profit global leader in educating and certifying information security professionals throughout their careers.
The 2008 Global Information Security Workforce Study ("GISWS") was conducted by analyst firm Frost & Sullivan on behalf of (ISC)2. It surveyed 7,548 information security professionals, including over 1,500 ‘C-suite’ executives and security managers, as well as practitioners and IT and other professionals with responsibility for information security, from companies and public sector organizations in more than 100 countries. Respondents came from the three major regions of the world: Asia-Pacific (34 percent), Americas (41 percent), and Europe, Middle East and Africa ("EMEA") (25 percent). Web-based surveys were distributed to targeted information security respondents worldwide in the third quarter of 2007.
"This fourth edition of the study demonstrates more than ever before that information security has become a business imperative for organizations of all sizes, with far-reaching concerns such as corporate reputation, the privacy of customer data, identity theft, and breach of laws and regulations driving information security governance," said Rob Ayoub, Frost & Sullivan industry manager, network security.
Pressure over data loss and compliance has driven accountability for information security to the executive level, with 49 percent of information security professionals reporting to executive management or boards of directors. Other study highlights include:
-- Smaller organizations (up to 500 employees) accounted for nearly 60 percent of respondents, signifying a move from security as a priority for mostly larger organizations to organizations of all sizes due to business requirements and compliance, including the impact of the payment card industry’s PCI-DSS.
-- A third of respondents said their primary functional responsibilities are mostly managerial. An additional 48 percent also reported that their functional responsibilities will be mostly managerial in the next two to three years, suggesting a changing focus in their roles.
-- Approximately 20 percent of respondents were at the executive (Chief Information Officer, Chief Information Security Officer, Chief Security Officer, Chief Risk Officer) or manager level.
-- Communications skills were seen as "very important" or "important" by 81 percent of respondents to be a successful professional. Business skills were also seen as very important or important by 69 percent of respondents.
-- Information security is moving beyond the perimeter and becoming more data-focused, protecting data both at rest and in transit, with wireless security solutions, cryptography, storage security and biometrics featured in the top five technologies being deployed in most regions.
-- Information security awareness is appreciated as a significant factor in effective information security management: Users following information security policy was identified globally as the most important factor in a security professional’s ability to protect the organization. In addition, 51 percent of respondents identified internal employees as the biggest threat to their organizations.
-- Seventy-eight percent of hiring managers cited certifications as either "very important" or "somewhat important." While "quality of work" and "company policy" were the top reasons given for certification’s importance, a new reason -- "customer requirement" -- was identified by 33 percent of respondents requiring certifications.
Frost & Sullivan estimates the number of information security professionals worldwide to be approximately 1.66 million. This figure is expected to increase to almost 2.7 million professionals by 2012, displaying a compound annual growth rate (CAGR) of 10 percent globally. Respondents report information security spending on personnel remained stable in the Americas and EMEA in 2007 compared to 2006. In contrast, Asia-Pacific respondents anticipate an increase in information security spending across the board.
"Respondents from Asia-Pacific reported they expected training and education to increase in the next 12 months, and 31 percent reported that staff spending increased in the last 12 months," added Ayoub. "This growth is mainly due to the maturation of the information security profession in Asia-Pacific as information security becomes a top priority for organizations, especially large corporations, worldwide."
Other Asia-Pacific highlights from the study include:
-- Respondents from Asia-Pacific see a growing demand for security administration (54 percent), applications and systems development for security (36 percent) and telecommunications and network security (34 percent).
-- Top five security technologies being deployed by Asia-Pacific respondents are wireless security, intrusion prevention, disaster recovery/business continuity, biometrics and cryptography.
-- Average annual salaries in Asia-Pacific for those with at least five years of experience continue to come closer in line to those in other regions, moving in 2007 to US$53,701, compared to US$93,505 in the Americas. This reflects the increased importance being placed on security and the number of experienced professionals in the region.
-- The profession is maturing globally, with average experience levels reported at 7.1 years in Asia-Pacific, 9.5 years in the Americas and 8.3 years in EMEA. Professionals across all regions also reported high levels of post-secondary education.
"This year’s study acknowledges that effective information security programs enable businesses to grow and prosper," said Eddie Zeitler, CISSP, executive director of (ISC)2. "Consequently, professionals are being tasked more with the business of security, managing and consulting on its broad contribution to the business, while the administration of technical solutions is being integrated into the IT department."
"Opportunities in the information security field will continue to grow despite slower economic growth worldwide because of the increased pressure on professionals to ensure responsible and secure business interactions coming from consumers, B2B customers, strategic partners and regulatory bodies," said Zeitler.
To download a copy of the study, please visit http://www.isc2.org/workforcestudy .
About (ISC)2
The International Information Systems Security Certification Consortium, Inc. ((ISC)2(R)) is the internationally recognized Gold Standard for certifying information security professionals. Founded in 1989, (ISC)2 has certified over 58,000 information security professionals in 135 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong and Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP(R) and related concentrations, Certification and Accreditation Professional (CAP(R)), and Systems Security Certified Practitioner (SSCP(R)) credentials to those meeting necessary competency requirements. The CISSP, CISSP-ISSEP(R), CISSP-ISSAP(R) and SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)2’s CBK(R), a taxonomy of information security topics, and is responsible for the (ISC)2 Global Information Security Workforce Study. More information is available at http://www.isc2.org .
(C) 2008, (ISC)2 Inc. (ISC)2, CISSP, ISSEP, ISSAP, CAP, SSCP and CBK are registered marks of (ISC)2, Inc.
