2. Who expressed more concern?
• C-Levels over rank & file
• Large over small companies
• Developing over developed
countries
• More info sec workers
certified in developed (71%
CISSP) vs. developing (42%
CISSP) countries
Concern also varies by industry
vertical
• Most concerned about hackers,
hactivists, and organized crime:
Banking, Insurance, and Finance
• Most concerned about state-
sponsored acts and cyber
terrorism: Government
3. Across categories, higher
priorities by respondents in:
• Larger businesses
• Developing countries
90% Banking, Insurance, &
Finance
84% each Healthcare and
Banking, Insurance, & Finance
82% Telecom & Media
85% Healthcare
5. ►
►
►
Less than 20% of respondents are
directly engaged in software
development, procurement, &
outsourcing.
Plus, formal training is very low:
just 1% of respondents have
acquired Certified Secure Software
Lifecycle Professional (CSSLP®)
certification.
6. Limited control;
Users “find” ways to get in
and 53% of respondents state
user-owned devices allowed in.
Moderate control;
Cloud adoption is a company
decision.
Choose use and cloud type
based on risk assessment.
Stronger control;
“Been there, done that” in
managing electronic
communication risks
(email, IM, & Web).
7.
8. Private cloud
computing services
have least risk and
uncertainty.
Reflective of the ambiguity and non-
standardization of cloud services,
skill development is driven to the
basics: “understanding”.
Nearly 90% of all survey respondents
selected “How security applies to
the cloud” as an area of skill
development.
10. ►
Relatively more optimistic on preparedness: Those with security certifications,
C-Levels, large companies, and battle-tested industries (e.g., Banking,
Insurance, and Finance).
11. Topping the list of “within a day”
• 34% of respondents in Banking,
Insurance, and Finance
• 32% or respondents in Info Tech
• 31% each: C-Levels and
respondents in small businesses
Not so knowledgeable on
preparedness, topping the list of
“don’t know”
• 20% each: respondents
employed in Construction and
Utilities industries
• 19%: respondents in Retail &
Wholesale
12. Because
47% selected
Security Analyst
as being in short
supply
Greatest impact
on existing
information
security
workforce
30% expect
spending on
info. security
personnel to
increase over
next 12
months; 28%
on training and
education
14. The best of these
two technologies
narrow the field of
threats so security
analysts can
concentrate on the
most challenging and
complex incidents
and warnings.
15. ►
Ranks of information security professionals have grown substantially even
during harsh economic times.
The long-standing contributors of more business operations occurring over
networks, public and private, and a motivated, organized, and diverse
assortment of threat actors are non-reversing trends.
16. Near identical results
in two surveys, two
years apart, attests to
stability of information
security careers.