Information Security Set for Explosive Growth

Driven by compliance and public confidence issues, information security is expected to expand dramatically over the next few years, according to new research released by Frost & Sullivan and (ISC)². Worldwide, the number of information security professionals will grow from 1.66 million in 2007 to about 2.7 million in 2012, experiencing a compound annual growth rate of 10 percent.

As a percentage, the bulk of this growth, according to the report, will happen in Europe, the Middle East, and Africa (13 percent collectively). However, the Americas, at a 10 percent CAGR, dominate in raw numbers, growing from 685,700 in 2007 to a little more than 1.1 million in 2012. The Asia-Pacific region will see the slowest compound annual growth of the three major regions, at 8 percent.

The report, entitled "The 2008 (ISC)² Information Security Workforce Study," polled 7,548 respondents from both the public sector and the private sector in fall 2007. It showed that the factors driving growth in information security include:

  • Regulatory compliance initiatives that place responsibility on executives;
  • Organizations' needs to prevent damage to reputation (i.e. maintaining public confidence); and
  • Tangible financial costs for failing to meet regulatory requirements.

On this last one, Frost & Sullivan estimated that the cost any data breach runs anywhere from $50 to $200 per record lost, not including intangible losses resulting from damage to an organization's reputation.

Security Technologies: Deployments
Within the information security industry, two clear winners emerged in terms of the categories of technologies expected to be deployed worldwide within the next 12 months: wireless security solutions (15 percent) and biometrics (14 percent). In the Americas, biometrics ranked at No. 1, with wireless security coming in at No. 2.

Beyond these, intrusion detection and disaster recovery/business continuity tied at 12 percent. At 11 percent each were storage security and cryptography. (Storage security did not make the top 5 in the Americas.)

At the 10 percent level were:

  • Intrusion prevention;
  • Risk management solutions;
  • Vulnerability assessment and penetration testing; and
  • Incident management.

At the 9 percent response level were:

  • Identity and access management;
  • Security event or information management;
  • Vulnerability management;
  • SIM (Security Information Management); and
  • Problem management.

And, at the lowest tier of the top-21 technologies scheduled for deployment, at 8 percent, were:

  • Compliance management;
  • Configuration management;
  • Database security;
  • Web application security;
  • SIEM (Security Information and Event Management); and
  • Change management.

Security Training
And in order to support these technologies and the security goals they represent, training for information security professionals in expected to increase in the next 12 months. Around the world, 56 percent of respondents reported that they expect spending on training to increase in the coming year. The Americas saw the highest response in this area, at 58 percent. Globally, only 4 percent of respondents said they expected decreases in spending on information security training, with the lowest figure in the Americas, at 2 percent.

The top-5 areas in which respondents indicated the need for training was greatest included security administration (50 percent), applications and system development security (35 percent), telecommunications and network security (31 percent), access control systems and methodology (30 percent), and business continuity and disaster recovery planning (29 percent).

Forty percent of respondents indicated that they personally expect to acquire additional certifications within the next 12 months.

Users: Oh Yeah ... Them
Respondents indicated, however, that users are the greatest problem facing information security, with a full 80 percent reporting that users following security policy is important (32 percent) or very important (48 percent) to overall security within an organization. In fact, security policy issues with users, management, and security personnel beat out all other categories in terms of perceived importance, including software solutions, hardware solutions, and even hiring qualified security staff.

The study did not poll information security professionals on their attitudes toward providing service to users within an organization. However, there was one area that touched on user needs, and that was in the area of training for security professionals in privacy. This ranked lowest among all cited areas of training, with only 25 percent of respondents citing the need for privacy training.

The report concluded: "Information security is a global, cross-vertical, organization-wide concern that cannot be addressed with technology solutions alone. It requires the unconditional commitment of an organization at the financial, management, and operational levels to proactively secure and protect the organization's logical and physical assets. Security management will always require the proper balance between people, policies, processes, and technology to effectively mitigate the risks associated with today's digitally connected business environment."

Further information about the study, including a link to the full report, can be found here.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • Abstract geometric shapes including hexagons, circles, and triangles in blue, silver, and white

    Google Launches Its Most Advanced AI Model Yet

    Google has introduced Gemini 2.5 Pro Experimental, a new artificial intelligence model designed to reason through problems before delivering answers, a shift that marks a major leap in AI capability, according to the company.

  • Training the Next Generation of Space Cybersecurity Experts

    CT asked Scott Shackelford, Indiana University professor of law and director of the Ostrom Workshop Program on Cybersecurity and Internet Governance, about the possible emergence of space cybersecurity as a separate field that would support changing practices and foster future space cybersecurity leaders.

  • Two stylized glowing spheres with swirling particles and binary code are connected by light beams in a futuristic, gradient space

    New Boston-Based Research Center to Advance Quantum Computing with AI

    NVIDIA is establishing a research hub dedicated to advancing quantum computing through artificial intelligence (AI) and accelerated computing technologies.