Reputation Damage Tops List of Security Concerns

In New Developments, internal auditors will find information about the most recent IT and audit research reports and survey results; new IT, security, and privacy legislation; and other news items of importance to auditors.

Reputation Damage Tops List of Security Concerns

The International Information Systems Security Certification Consortium (ISC2) Inc., a global information security (IS) certification organization, recently released its fourth annual 2008 Global Information Security Workforce Study. Conducted by analyst firm Frost & Sullivan, the survey provides insight into the important security trends and opportunities emerging worldwide.

According to the study of 7,548 security professionals from more than 100 countries in three major world regions, avoiding reputation damage is a top concern for IS leaders. In fact, 71 percent said avoiding harm to the company's brand was ahead of other hot topics, such as maintaining customer data privacy, controlling identity theft, and protecting against breaches of laws and regulations. Insider threats also still remain a top security problem, with 51 percent of IS professionals stating that employees pose the biggest threat to security.

"IS has become a business imperative for organizations of all sizes, with far-reaching concerns such as corporate reputation, the privacy of customer data, identity theft, and breach of laws and regulations driving IS governance," says Rob Ayoub, industry manager of network security for Frost & Sullivan.

Another significant survey finding is the increasing importance of IS activities around the world. For instance:

  • Smaller organizations (i.e., those with up to 500 employees) accounted for nearly 60 percent of respondents, representing a move from security as a priority for mostly larger organizations to companies of all sizes due to business requirements and compliance.
  • A third of respondents said their primary functional responsibilities are mostly managerial, and 20 percent of respondents were at the executive or manager level.
  • Pressure over data losses and compliance has driven security accountability to the executive level, with 49 percent of IS professionals reporting to executive management or the board of directors.
  • IS activities are becoming more data-focused, protecting data at rest and in transit.
  • Wireless security solutions, such as cryptography, storage security, and biometrics, were featured in the top five technologies used in most of the countries represented in the survey.

"This year's study acknowledges that effective IS programs enable businesses to grow and prosper," comments ISC2 Executive Director Eddie Zeitler, CISSP. "Consequently, professionals are being tasked more with the business security, while the administration of technical solutions is being integrated into the IS department."

To download this year's survey, visit the ISC2 Web site.