Thirty years ago, information security was in its infancy. Many companies did not take threats to their infrastructure seriously. For those companies that did, the majority of people responsible for protecting information assets did not have a formal background or education in the field — they obtained their experience in information technology or related disciplines, transferring into information security only as the need arose. Information security professionals frequently reported to someone in IT and did not carry much weight with upper-management.
With today’s ever-growing advances in technology and the resulting increases in threats to information, the importance of and need for qualified information security professionals never has been higher. Organizations increasingly rely on information security professionals to protect not only their information assets but also their brand reputation, stock value and to meet compliance regulations.
In the “2006 Global Information Security Workforce Study” conducted by IDC and sponsored by International Information Systems Security Certification Consortium [(ISC)2], a majority of the 4,000 information security professionals who responded think technology alone cannot protect an organization’s information assets. People are the key to a secure organization, and employers are demanding qualified information security staff to effectively secure their infrastructure.
With the high value now placed on having qualified personnel, it is clear information security professionals have become an integral part of an organization’s business model.
Information security has grown to reflect a diverse community of individuals with varying strengths and aspirations, with an increasing number creating policy and reporting…
Please log in or subscribe to read this article