APR-JUN 2007 Vol 3 Issue 13

Perspective

 

Workforce Study: Global Information Security

by Sudhanshu Awasthi
Technical Associate, Tech Mahindra

This study is designed to provide a snapshot of the security workforce today and a quick look into the future of the information security profession.

Information Security is an essential function in today’s business environment. Regulations such as SOX, HIPAA, GLB, and CA SB1386/AB1950 are continually raising the bar for corporate security standards. Data such as financial records, employee personal information, client lists and data, proprietary code, email, and web content must be secured to control business risk and maintain compliance. Securing an organization’s information assets is a relentless battle. The constant barrage of threats keeps information security professionals in a reactive mode. Cyber criminals are generating attacks using a growing arsenal of weapons, including spam, phishing, malware, and spyware; however, the intent of malicious activity has clearly shifted away from notoriety towards profit. According to various threat reports, more zero-day attacks are surfacing than ever before, further highlighting the need for executives to gain broad visibility across the organization and develop a proactive security strategy.

The formulation of a security strategy also requires people and processes to be addressed as they, too, are significant areas for exposure. If overlooked, intentional and unintentional behavior of users, social engineering, lack of business continuity planning, or insufficient separation of duties can all lead to serious consequences. Organizations must evaluate all internal and external risks on both physical and logical levels to properly execute against their risk management objectives. External and internal threats leave little time for information security professionals to research new technologies and review policies and processes to get ahead of the security problems. Executive buy-in, end-user awareness, and information security staff competencies continue to be challenging areas for security practitioners as they balance their time between IT and business. This balance will play a crucial role moving forward as information security professionals become a vital link to their organizations’ success, a trend that has continued over the past three years. This study is designed to reflect the opinions of today’s security workforce and provide a glimpse into the future of the information security profession. I believe the following factors will keep information security high on the organizations’ priority list for the foreseeable future:

• Increasing regulatory compliance within the private and public sectors requires strong security policies, processes, and controls, which will force organizations to adopt security standards and frameworks for a long-term approach to mitigating risk.

• Evolving and emerging threats and attacks will continue to require security professionals to learn new skills and techniques.

• Accountability between information security professionals and management falls on several key executives to manage growing risk exposures.

• Both physical and logical security are at risk, which means that security is now everyone’s responsibility within the organization.

Information security is an industry-agnostic, global, organization-wide difficulty that cannot be addressed with technology solutions alone. It requires the unconditional commitment of an organization at the financial, management, and operational levels to proactively secure and protect the organization’s logical and physical assets. Security management will always require the proper balance between people, policies, processes, and technology to effectively mitigate the risks associated with today’s digitally connected business environment.

Disclaimer: The views expressed in the articles are the authors’ own views. B’Cognizance or IIITA is not liable for any objections arising out of the same. The matter here is solely for academic use.
