A changing profession

Latest figures from (ISC)2 (the International Information Systems Security Certification Consortium), which is responsible for the CISSP qualification, show that more security managers are now reporting directly to the board.

In its second annual Global Information Security Workforce Study, carried out by IDC, most respondents said they expect their influence with executives and the board of directors to increase in the coming 12 months, as dialogue between corporate executives and information security professionals has evolved from a technical security discussion to one of risk-management strategies.

The study (www.isc2.org/workforcestudy) sought the views of 4,305 full-time information security managers in more than 80 countries. It found that, on the whole, European IT security professionals are currently better qualified than their US counterparts and have made more progress in gaining main board attention.

But on both sides of the Atlantic, the job of the head of security is fast moving from being just a branch of IT to a more free-ranging role that involves contact with many different areas of the business.

In Europe, 77.8 per cent said their influence with the board would increase over the next year. This meant acquiring new skills, with business continuity, forensics and risk management being the most in demand.

More than 62 per cent said they would look to acquire specific security qualifications this year, although 42 per cent said they are already educated up to Masters level.

The general trend was confirmed last month by the first London meeting of the CSO Interchange, where around 30 very senior professionals confirmed the shift in acceptance for IT security. Most agreed that security had moved from being regarded in their organisations as an "unnecessary evil" to at least a "necessary level", and for some it had even assumed the status of a "business enabler".

The most significant indicator came when they were asked what they believed was the most significant attribute of a successful CSO. None of them chose technical knowledge, while 92 per cent identified communicating and influencing skills.