Successfully securing IT infrastructures
October 26, 2006
An Internet security report says that global organizations increasingly need to focus on policies, processes and people, rather than on security technology, if they are to successfully protect complex IT infrastructures.
An IDC survey of a little more than 4,015 IT security professionals in more than one hundred countries reveals that companies have traditionally neglected the important role of human behavior, trusting software and hardware instead to solve Internet security issues.
But survey respondents said various organizations are now starting to recognize that technology is an enabler, not the solution, for implementing and executing a sound security strategy.
IDC's report also found that responsibility for implementing a sound security strategy is being increasingly shared across organizations, making board-level officers accountable as part of a well-defined and articulated risk management program.
Following a global trend identified in 2005's study, responsibility for securing information assets is shifting from the CIO to other areas of senior management and business, including the chief executive officer, chief financial officer, chief risk officer and chief information security officer, as well as legal and compliance departments.
"For organizations to proactively secure and protect their infrastructures, information, financial and physical assets require the unconditional commitment to security at the financial, management and operational levels," said Allan Carey, program manager at IDC who led the study.
"Security management will always require the proper balance between people, policies, processes and technology to effectively mitigate the risks associated with today's digitally-connected business environment."
IDC analysed responses from 4,016 full-time information security professionals in more than 100 countries, with nearly 40 percent employed by organizations with $1 billion or more in annual revenue. Respondents came from three major regions of the world: North, Central and South America (57.3 per cent), EMEA (Europe, Middle East, Africa) (22.8 per cent), and A-P (Asia-Pacific, including Japan) (19.5 per cent).
Based on the report, IDC estimates the number of information security professionals worldwide in 2006 to be 1.5 million, an 8.1 per cent increase over 2005. This figure is expected to increase to slightly more than two million by 2010.
During the past 12 months, 67 per cent of security practitioners believe their efforts were effective in influencing management and the business stakeholders to drive security awareness and responsibility to their organisations. Looking forward to 2007, 73 per cent believe that they will be able to drive change in their organisations.
Overall, organisations were found to be spending a greater percentage of their information security budgets on personnel and training in 2006 than in 2005. Firms are spending more than 41 per cent of their security budgets, on average, on personnel and training to staff projects and support post-deployment management.
"IDC believes that the security professionals who participated in this study are taking their message to the masses and acting as 'change agents' within their organisations to ensure information security is recognised for its positive contributions to the business, as opposed to the sunk cost it has been perceived to be in past years," Carey said.
"The message of people and processes being absolutely crucial to effective information security is finally starting to resonate with business leaders."
"Security breaches that have made headlines during the past year have been a result of human error, and this year's Global Information Security Workforce Study further validates the conventional wisdom long held by information security professionals that people are the critical component of an effective information security programme," added Ed Zeitler, CISSP, executive director, (ISC)2.
"The fact that professionals are being heard by the C-suite and security responsibility is being shared across the organisation demonstrates that the information security profession has arrived and is being valued as an indispensable business component."