Thursday, January 23, 2014

2013 (ISC)² Global Information Security Workforce Study

The (ISC)² Global Information Security Workforce Study reflects the opinions of the dynamic information security workforce. It is the largest study of its kind and provides detailed insight into important trends and opportunities within the information security profession. 

It aims to provide a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitude toward information security that is of use to companies, hiring managers and information security professionals.


The study compiles the results of surveys submitted to security professionals, on the premise that “information security profession, in addition to being a large and growing field, is a barometer of economic health and the changing nature of how business is being conducted: […] growth in this profession a signal that global economic activity is advancing”. Compared with the previous Workforce Study, in 2011, the most relevant news is the explosion of BYOD and cloud computing.

Information security professionals must face new risk management challenges, and they are usually involved in cross-activities (network hardening and software security, third-party assessment and code review, …). Secure software development is much more present in security professionals' activities than 2 years before, as professionals agree that serious consequences (data breaches, disrupted operations, lost business, brand damage, and regulatory fines) are one of the most important drivers of security activities. Secure software development, more than any other discipline, is where the largest gap between risk and response attention by the information security profession exists.

Information security professionals are very stable in their employment; more than 80 percent had no change in employer or employment in the past year, and the number of professionals is projected to grow continuously by more than 11 percent annually over the next five years. Demand is still high, as information security professionals trump products in effectiveness: in a ranking of importance, software and hardware solutions rank behind the effectiveness of information security professionals. (ISC)² membership and location drive higher salaries: the salary gap between (ISC)² members and non-members is widening. In America, 79% of (ISC)² security professionals have average salaries of US$80,000 or more. Workforce shortages persist, and the impact of the shortage is greatest on the existing workforce. Knowledge and certification of knowledge weigh heavily in job placement and advancement; 70% of respondents consider certifications reliable credentials for assessing competencies. A broad understanding of the security field was the #1 factor contributing to career success, followed by communication skills.

Application vulnerabilities rank highest among security concerns; malware and mobile devices are close seconds. Regarding attack response, 28 percent believe their organizations can remediate a targeted attack within one day, but preparedness for an attack has worsened compared to the respondents in the 2011 survey. A multi-disciplinary approach is required to address the risks in BYOD and cloud computing, especially cloud computing (organizations balance the type of cloud environment with their level of acceptable risk and ability to control risk); respondents confirm the use of private clouds to get more control over the cloud infrastructure.