Security pros win out in office politics

More than a quarter (25.4 per cent) of the security workforce in Europe spends most of their workday dealing with internal politics or selling security to upper management, according to early results from a new survey. The second annual workforce study from security certification and training organisation ISC(2) also found that either researching or implementing new technologies occupied the majority of time for around a third (30.1 per cent) of the 595 experienced security practitioners and managers quizzed.

According to the survey, the efforts of many in the profession to sell their value to the organisations they work for are beginning to pay off. Survey respondents were generally optimistic about levels of influence within their organizations, with a third (33.4 per cent) saying that information security’s level of influence within business units and executive management has significantly increased.

The survey, conducted by analyst firm IDC on behalf of ISC(2), also looked at the places inhabited by security functions within organisations. Around one in five (18.8 per cent) of those quizzed report into a dedicated security or information assurance department, with another one in ten (10.5 per cent) reporting directly to the board of directors and 17.4 per cent to executive management. This compares to around a quarter (28.4 per cent) who indicated they reported directly into an IT department. "We are encouraged to see from the study strong evidence that information security is becoming a domain in its own right, separate from IT, and backed by a swell in the desire to professionalise security as a recognised field of practice," said Sarah Bohne, director of communications at (ISC)2.

Around two-thirds of survey respondents (62.2 per cent) said they would be pursuing information security certifications in the next 12 months. The demand for training reflects a desire by those quizzed to learn broader management skills, with the top areas of interest including information risk management (51.3 per cent), business continuity and disaster recovery (50.6 per cent) and security management practices (44.1 per cent).

A preview of findings from (ISC)2 Information Security: The Shape of the Profession was delivered during a presentation at this week's RSA Europe conference in Vienna, Austria. The full report of global results, including salaries, and the expected rate of growth in the information security workforce, is due to be published in December. ®