Information Security Set for Explosive Growth

Driven by compliance and public confidence issues, information security is expected to expand dramatically over the next few years, according to new research released by Frost & Sullivan and (ISC)². Worldwide, the number of information security professionals will grow from 1.66 million in 2007 to about 2.7 million in 2012, experiencing a compound annual growth rate of 10 percent.

As a percentage, the bulk of this growth, according to the report, will happen in Europe, the Middle East, and Africa (13 percent collectively). However, the Americas, at a 10 percent CAGR, dominate in raw numbers, growing from 685,700 in 2007 to a little more than 1.1 million in 2012. The Asia-Pacific region will see the slowest compound annual growth of the three major regions, at 8 percent.

The report, entitled "The 2008 (ISC)² Information Security Workforce Study," polled 7,548 respondents from both the public sector and the private sector in fall 2007. It showed that the factors driving growth in information security include:

  • Regulatory compliance initiatives that place responsibility on executives;
  • Organizations' needs to prevent damage to reputation (i.e. maintaining public confidence); and
  • Tangible financial costs for failing to meet regulatory requirements.

On this last one, Frost & Sullivan estimated that the cost any data breach runs anywhere from $50 to $200 per record lost, not including intangible losses resulting from damage to an organization's reputation.

Security Technologies: Deployments
Within the information security industry, two clear winners emerged in terms of the categories of technologies expected to be deployed worldwide within the next 12 months: wireless security solutions (15 percent) and biometrics (14 percent). In the Americas, biometrics ranked at No. 1, with wireless security coming in at No. 2.

Beyond these, intrusion detection and disaster recovery/business continuity tied at 12 percent. At 11 percent each were storage security and cryptography. (Storage security did not make the top 5 in the Americas.)

At the 10 percent level were:

  • Intrusion prevention;
  • Risk management solutions;
  • Vulnerability assessment and penetration testing; and
  • Incident management.

At the 9 percent response level were:

  • Identity and access management;
  • Security event or information management;
  • Vulnerability management;
  • SIM (Security Information Management); and
  • Problem management.

And, at the lowest tier of the top-21 technologies scheduled for deployment, at 8 percent, were:

  • Compliance management;
  • Configuration management;
  • Database security;
  • Web application security;
  • SIEM (Security Information and Event Management); and
  • Change management.

Security Training
And in order to support these technologies and the security goals they represent, training for information security professionals in expected to increase in the next 12 months. Around the world, 56 percent of respondents reported that they expect spending on training to increase in the coming year. The Americas saw the highest response in this area, at 58 percent. Globally, only 4 percent of respondents said they expected decreases in spending on information security training, with the lowest figure in the Americas, at 2 percent.

The top-5 areas in which respondents indicated the need for training was greatest included security administration (50 percent), applications and system development security (35 percent), telecommunications and network security (31 percent), access control systems and methodology (30 percent), and business continuity and disaster recovery planning (29 percent).

Forty percent of respondents indicated that they personally expect to acquire additional certifications within the next 12 months.

Users: Oh Yeah ... Them
Respondents indicated, however, that users are the greatest problem facing information security, with a full 80 percent reporting that users following security policy is important (32 percent) or very important (48 percent) to overall security within an organization. In fact, security policy issues with users, management, and security personnel beat out all other categories in terms of perceived importance, including software solutions, hardware solutions, and even hiring qualified security staff.

The study did not poll information security professionals on their attitudes toward providing service to users within an organization. However, there was one area that touched on user needs, and that was in the area of training for security professionals in privacy. This ranked lowest among all cited areas of training, with only 25 percent of respondents citing the need for privacy training.

The report concluded: "Information security is a global, cross-vertical, organization-wide concern that cannot be addressed with technology solutions alone. It requires the unconditional commitment of an organization at the financial, management, and operational levels to proactively secure and protect the organization's logical and physical assets. Security management will always require the proper balance between people, policies, processes, and technology to effectively mitigate the risks associated with today's digitally connected business environment."

Further information about the study, including a link to the full report, can be found here.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • minimalist bookcase filled with textbooks featuring vibrant, solid-colored spines with no text, and a prominent number "25" displayed on one of the shelves

    OpenStax Celebrates 25th Anniversary

    OpenStax is celebrating its 25th anniversary as 2024 comes to a close. The open educational resources initiative from Rice University has served almost 37 million students in 153 countries and saved students nearly $3 billion in course material costs since its launch in 1999.

  • Purdue University

    Purdue Opens Large Esports Facility

    Purdue University has opened a new gaming lounge for students training and competing in esports as well as casual gamers. The institution partnered with Dell Technologies to outfit the 2,000-square-foot-space with Alienware gaming equipment.

  • Abstract geometric pattern with interconnected nodes and lines

    Microsoft 365 Copilot Gets Expanded AI Capabilities, Collaboration Tools

    Microsoft has announced the next updates to its Microsoft 365 Copilot AI assistant, including expanded AI capabilities in individual apps, the ability to create autonomous agents, and a new AI-powered collaboration workspace.

  • glowing lines connecting colorful nodes on a deep blue and black gradient background

    Juniper Launches AI-Native Networking and Security Management Platform

    Juniper Networks has introduced a new solution that integrates security and networking management under a unified cloud and artificial intelligence engine.