The (ISC)² Global Information Security Workforce Study reflects the
opinions of the dynamic information security workforce. It is the
largest study of its kind and provides detailed insight into important
trends and opportunities within the information security profession.
It aims to provide a clear understanding of pay scales, skills gaps,
training requirements, corporate hiring practices, security budgets,
career progression and corporate attitude toward information security
that is of use to companies, hiring managers and information security
professionals.
The study collects the results of surveys submitted to
security professionals, with the premise that “information
security profession, in addition to being a large and growing field, is a
barometer of economic health and the changing nature of how business is
being conducted: […] growth in this profession a signal that global
economic activity is advancing”. Since the previous Workforce Study, in
2011, the most relevant developments are the explosion of BYOD and cloud computing.
Information security professionals must face new risk management challenges, and they are usually involved in cross-disciplinary activities (network hardening and software security, third-party assessment and code review, …). Secure software development is
much more present in security professionals' activities than two years
ago, as professionals agree that serious consequences (data
breaches, disrupted operations, lost business, brand damage, and
regulatory fines) are one of the most important drivers of security
activities. Secure software development, more than any other discipline,
is where the largest gap between risk and response attention by the
information security profession exists.
Information security professionals are very stable in their employment:
more than 80 percent had no change in employer or employment in the
past year, and the number of professionals is projected to grow
continuously by more than 11 percent annually over the next five years.
Demand is still high, as information security professionals trump
products in effectiveness: in a ranking of importance, software and
hardware solutions rank behind the effectiveness of information security
professionals. (ISC)² membership and location drive higher salaries: the salary gap between (ISC)² members and non-members is widening. In America, 79% of (ISC)² security
professionals have average salaries of US$80,000 or more. Workforce
shortages persist, and the impact of the shortage is greatest on the
existing workforce. Knowledge and certification of knowledge weigh
heavily in job placement and advancement; 70% of respondents consider certifications reliable credentials for assessing competencies.
A broad understanding of the security field was the #1 factor
contributing to career success, followed by communication skills.
Application vulnerabilities rank the highest among security concerns; malware and
mobile devices are close seconds. On attack response, 28 percent
believe their organizations can remediate a targeted attack within
one day, but preparedness for an attack has worsened compared
with what respondents reported in the 2011 survey. A multi-disciplinary approach is
required to address the risks in BYOD and cloud computing, especially
with cloud computing (organizations balance the type of cloud
environment with their level of acceptable risk and ability to control
risk); respondents confirm the use of private clouds to get more control over the cloud infrastructure.