Security status rises

New research from The International Information Security Certification Consortium (ISC2) shows that IT security professionals are boosting their profile in the boardroom. 

Sponsored by ISC2 and conducted by IDC (a sister company to Network World), the Global Information Security Workforce Study concludes that CEOs, boards of directors or CISO/CSOs are increasingly being held accountable for their company’s security. The survey is based on responses from 4,306 IT security pros.

Among the respondents, 73% expect their influence with executives and the board of directors to increase in the coming year. Close to 21% of respondents say the CEO is now ultimately responsible for security, while about 9% say the buck stops with the board of directors. CIOs are increasingly off the hook in terms of holding final responsibility, with accountability dropping to about 30.5% from approximately 38% in 2004. Responsibility increased from 21% in 2004 to 24% this year for CISO/CSOs.

“This year, professionals worldwide indicated that information security is now being perceived as a business enabler rather than a business expense, and as a result, they are increasingly being included in strategic discussions with the most senior levels of management,” says Rolf Moulton, president and interim CEO of ISC2. “This demonstrates the competency of information security professionals is being recognized as key to an effective security strategy.”

Security professionals can enjoy a positive market outlook. IDC estimates the number of security professionals worldwide to be about 1.4 million, a 9% increase over 2004. The research firm expects that number to increase to 1.9 million by 2009.