Thursday, December 15, 2005

Global InfoSec Workforce Study summary

Ciske van Oosten of our European practice, kindly provided this nice summary of the 28 page report on this study. Many CISSP's received a free copy of this report - which can be downloaded from the (ISC) website.

The 2005 Global Information Security Workforce Study (GISWS) was conducted during the summer of 2005 on behalf of (ISC)2, a nonprofit organization dedicated to providing education, certification, and peer-networking opportunities for information security professionals worldwide. (ISC)2 engaged IDC for the second consecutive year to provide detailed insight into the important trends and opportunities in the profession worldwide. This report had 4,305 respondents representing 81 countries. The number of information security professionals worldwide in 2005 is estimatedto be 1.4 million, a 9% increase over 2004.

Security Trends and Challenges
Security is becoming operationalized. Movement is away from reactive security, and a more proactive risk management approach is taking hold in large organizations. Government compliance requires due diligence and a longer-term strategy. Regulations are forcing organizations to evaluate and modify their business processes and operations with security in mind. Complexity persists as a security factor. The growing number of systems, networks, applications, and users creates an enormous management challenge.

On training and certification
The number of individuals reporting achievement of a master's degree or itsequivalent first stage of tertiary education was up in 2005. For example, 42% ofprofessionals in Europe, Middle East, and Africa (EMEA), compared with 32%last year, reached this level of education. More than 60% of information security professionals stated that they intend to acquire at least one more certification in the next 12 months. On average, 86% of security professionals said that security certifications are important to their career advancement. Certifications are not only important from a career standpoint, but further training enables professionals to stay on top of the most current trends, identify how trends will impact risk to their organizations, and determine best solutions/practices for mitigating risk in the overall context of their organizations' risk management strategies.

The results suggest that the security profession in Central Europe, Middle East, and Africa is not as mature as Western Europe's.

Specifically for the European region:

Top 5 Areas of Interest for Additional Security Training :

1. ISO/IEC 17799
2. Information risk management
3. Business continuity and disaster recovery planning
4. Security management practices
5. Forensics

Top 5 Security Technology Solutions Being Deployed:

1. Identity and access management
2. Security event or information management
3. Business continuity and disaster recovery solutions
4. Risk management solutions
5. Wireless security solutions

CATEGORIES: 1survey, 1summary, 1trends, 1training, 1certification, 1compliance
Rate this post: (Provided by NewsGator)


Post a Comment

Links to this post:

Create a Link

<< Home