(ISC)2 has released new data, which suggests that top security executives are faced with a myriad of critical, yet sometimes paradoxical, security choices. The new report entitled “A View From the Top – The (ISC)” Global Information Security Workforce Study CXO Report,” offers a detailed perspective on the attitudes and plans of 1,634 C-level executives. Briefly, (ISC)2
The data was collected as part of (ISC)2’s sixth Global Information Security Workforce Study (GISWS) with Booz Allen Hamilton, by Frost & Sullivan. The study offers a snapshot of the priorities, plans and concerns of top security executives in a range of industries – and the challenges.
John Colley, Managing Director, (ISC)2 EMEA, said: “Senior security executives, it appears, are getting side-tracked from the key security issues at hand as they balance the pressures of an evolving threat landscape and the business. They recognise application vulnerability is the number one threat and yet they are unable to devote their time, attention and obvious leadership in the field to help correct the situation. It is imperative that they keep a strategic perspective on security, looking at the issues holistically in order to develop effective solutions to deal with problems, the nature of which is constantly changing.”
As for sometimes paradoxical, security choices: for example, CXOs said that two of their chief cyber security concerns are potential damage to the organisation’s reputation (83 percent) and IT service downtime (74 percent). Yet when asked how they spend their time, the top two answers were governance, risk and compliance (GRC, 74 percent), and security management (74 percent), which indicates that administrative tasks and priorities dominate their daily agendas.
Data is proliferating and becoming more fluid, yet the need to protect it is greater than ever. Similarly, there is the challenge of today’s sophisticated attackers, who are becoming increasingly skilled at hiding their exploits. The most significant threat to an organisation is what it does not know or cannot detect, the study suggested.
William Stewart, senior vice president at Booz Allen Hamilton, said: “It is clear that chief security executives are faced with an array of challenges that cannot be overcome by any single methodology or set of solutions. One of the biggest obstacles security departments face is the dynamic interplay between an organisation’s business and IT priorities and the rapidly changing nature of the threat environment. To overcome this challenge, CXOs need to focus on prioritising critical assets, closely collaborating with the other organisational leadership and conducting thoughtful and forward-looking threat analysis.”
Claimed to be the largest study of the information security profession ever, the 2013 GISWS was conducted in the fall of 2012 through a web-based survey. Since its first release in 2004, the study gauges the opinions of information security people and provides detailed insight into trends and opportunities within information security. The full study can be found here: https://www.isc2cares.org/IndustryResearch/GISWS/.
