[ISN] Security pros win out in office politics

Wed Oct 19 03:03:10 EDT 2005

http://www.theregister.co.uk/2005/10/18/security_workforce_study/

By John Leyden
18th October 2005 

More than a quarter (25.4 per cent) of the security workforce in
Europe spends most of their workday dealing with internal politics or
selling security to upper management, according to early results from
a new survey. The second annual workforce study from security
certification and training organisation ISC(2) also found that either
researching or implementing new technologies occupied the majority of
time for around a third (30.1 per cent) of the 595 experienced
security practitioners and managers quizzed.

According to the survey, the efforts of many in the profession to sell
their value to the organisations they work for are beginning to pay
off. Survey respondents were generally optimistic about levels of
influence within their organizations, with a third (33.4 per cent)  
saying that information security’s level of influence within business
units and executive management has significantly increased.

The survey, conducted by analyst firm IDC on behalf of ISC(2), also
looked at the places inhabited by security functions within
organisations. Around one in five (18.8 per cent) of those quizzed
report into a dedicated security or information assurance department,
with another one in ten (10.5 per cent) reporting directly to the
board of directors and 17.4 per cent to executive management. This
compares to around a quarter (28.4 per cent) who indicated they
reported directly into an IT department. "We are encouraged to see
from the study strong evidence that information security is becoming a
domain in its own right, separate from IT, and backed by a swell in
the desire to professionalise security as a recognised field of
practice," said Sarah Bohne, director of communications at (ISC)2.

Around two-thirds of survey respondents (62.2 per cent) said they
would be pursuing information security certifications in the next 12
months. The demand for training reflects a desire by those quizzed to
learn broader management skills, with the top areas of interest
including information risk management (51.3 per cent), business
continuity and disaster recovery (50.6 per cent) and security
management practices (44.1 per cent).

A preview of findings from (ISC)2 Information Security: The Shape of
the Profession was delivered during a presentation at this week's RSA
Europe conference in Vienna, Austria. The full report of global
results, including salaries, and the expected rate of growth in the
information security workforce, is due to be published in December. ®