The International Information Systems Security Certification Consortium [(ISC)2] recently announced the results of its third-annual Global Information Security Workforce Study, which was conducted by global analyst firm IDC and sponsored by (ISC)2.
The study polled more than 4,000 information security professionals in more than 100 countries. Foremost among its findings was the conclusion that people and processes are at least as important as technology in securing information: companies handling sensitive information no longer just secure the software and hardware themselves but now also train their workforce in security.
“You have to have an educated workforce,” said Ed Zeitler, (ISC)2 executive director. “An employee needs to understand that information is valuable. They don’t realize it’s valuable because they handle it every day and, you know, who cares? Well, it is important.”
According to the study, on average, more than 41 percent of information security budgets is spent on personnel salaries, benefits, education and training.
Another of the study’s key findings is that responsibility for IT security is moving into the C-level at many organizations, with executives and board members now sharing more in the accountability for information security and overall risk management.
“A few years ago, the CIO alone was held responsible for information security,” Zeitler said. “The responsibility is rising into the CEO and the board level. It used to be strictly a technical problem, stuck to the CIO to take care of it. Now there’s more to it than just the CIO’s part.”