Management support of security policies is the most important element in effectively securing organizations infrastructure, according to the third annual Global Information Security Workforce Study, conducted by analyst firm IDC and sponsored by the (ISC)².
The list of imperative ingredients for a secure infrastructure also included having users follow security policy, having qualified security staff, and software and hardware solutions. Responses came from more than 4,000 information security professionals in over 100 countries.
Technology as an enabler, but not the solution, for implementing a sound security strategy was an ongoing theme in the results.
Processes and people were also highlighted in responses; these are areas which have been traditionally overlooked in favor of trusting hardware and software to solve security problems.
The study, released Oct. 25, found that increasingly, responsibility for security information assets is shifting from the CIO to other senior managers, and in many cases, outside IT altogether to chief financial and chief risk officers and legal and compliance departments.
The number of information security professionals worldwide will jump to 1.5 million, an 8.1 percent increase over 2005. Expected to increase at a compound annual growth rate of 7.8 percent between 2005 and 2010, information security outpaces IT as a whole, where the increase in employees in the same time frame is 4.6 percent.
U.S. and EMEA information security professionals rated risk management as a top training priority, followed by business continuity and forensics.
Organizations seem to be in-line with this priority, as they are spending a greater percentage of their information security budgets on training in 2006 over 2005.
Down from a peak of 92 percent in 2004, information security certifications were still rated as highly prioritized by 85 percent of hiring managers in 2006.