Highly experienced security professionals are rare, and enterprises have to go through lengthy processes to hire them. Organizations that work with more than 2000 members report increases in salary and in the number of opportunities to grow and advance for trained and experienced security professionals, despite the slow economic environment. These are the key findings of the (ISC)² 2012 Career Impact Survey.
According to the survey, 96% of security professionals are currently employed and only 7% of information security professionals were unemployed at any point during the last year. Moreover, over 70% of respondents received a salary increase in 2011 and more than half expect to receive an increase in 2012. More than half of those who changed jobs said they did so because they had opportunities for advancement.
A recent survey by Forrester Research shows that the lack of qualified security staff is one of the main reasons IT managers cannot successfully secure the enterprise. Their survey of over 2,000 IT executives in the US, UK, Canada, France and Germany found that one of the key problems behind corporate IT security is getting qualified staff to do the job. Almost half of the IT managers in the US and Europe are dealing with this issue.
“Security leaders feel that they simply don’t have enough staff to carry out day-to-day tactical activities while adjusting to major business and IT shifts and changing threats,” said Forrester principal analyst Khalid Kark.
While their cybersecurity czar plans have been delayed for so long that we were all a bit tired of waiting, the White House approach to fighting cyber threats seems to have found a new focus these days: recommending training, exams and detailed certification requirements for cybersecurity professionals employed or contracted by the federal government. And this is going through the careful review of a commission whose main purpose is to advise the Obama administration on cybersecurity policy.
The Commission on Cybersecurity for the 44th Presidency, which in December 2008 issued its Securing Cyberspace for the 44th Presidency report to Congress, is currently working on a sequel to that report, due sometime in late June or early July. The commission, made up of a who’s who of experts and policy-makers, is debating strategies for building and developing a skilled cybersecurity workforce for the U.S., as well as issues surrounding an international cybersecurity strategy and online authentication.
With chief information officers planning to increase hiring, even if just a bit, in the first quarter of 2010, who they are looking to hire is the next big question. And according to a recent survey, they are making the right choices, as security professionals are among their high priorities, together with networking and application development personnel.
Robert Half Technology interviewed 1400 US CIOs to reach their results, which predict a net 3% increase in IT hiring activity, spread across companies of all sizes in Q1 of 2010. The net increase was reached after putting together the 7% who expect additions to their staffs with the 4% that expect reductions.
The health services industry stands out as a bright spot in the hiring report, with 16% of health services CIOs planning to expand their IT departments and just 3% planning cutbacks. Many health services CIOs pointed to increased staff needs stemming from the development of enterprise-wide applications.
I wonder if the high demand for IT pros at health companies has anything to do with all the security breaches and data loss or theft of the past year or so… I bet it does!
When it comes to security breaches leading to data loss, accidents caused by insiders are more frequent and generally do more damage than those caused by insiders with malicious intent, shows a new study published by industry research firm IDC and sponsored by RSA.
According to the report, 52% of respondents characterized their insider threat incidents as predominantly accidental, while only 19% believed the threats were deliberate. Another 26% said their insider issues were an equal combination of accidental and malicious threats.
“One of the things that jumped out at us from the study was how many insider incidents are unintentional,” says Chris Young, senior vice president of RSA products, quoted by Dark Reading. “These are individual actors who often are just trying to do their jobs and don’t understand that what they are doing is dangerous.”
The White House might have a bright, shiny plan for cybersecurity, but it seems unable to keep the security heads it needs to manage and further implement it. No fewer than three people holding key positions related to the USA’s cybersecurity have resigned in the past few months.
The trend was started in March by Rod Beckstrom, who at the time resigned from his position as head of the National Cybersecurity Center within the Department of Homeland Security. The said center coordinates the defense of civilian, military, and intelligence networks. The reason for Beckstrom’s resignation? As he stated in a letter quoted by the Register, the post was underfunded and unduly controlled by the National Security Agency.
The next person to announce their resignation was Obama’s top cybersecurity director, Melissa E. Hathaway. What led to her decision were the long months of delays by the Obama administration in appointing a permanent director to oversee the safety of the nation’s vital computer networks. As the Register points out, Hathaway was one of the best candidates for the “cybersecurity czar” position. The czar would hold the authority for securing networks and infrastructure that serve US banks, hospitals and stock exchanges.
The third and most recent top cat in the US government to go is Mischel Kwon, the head of the US Department of Homeland Security’s Computer Emergency Readiness Team. Washington Post rumor has it that Kwon had grown frustrated by bureaucratic obstacles and a lack of authority to fulfill her mission. And it seems people in her position don’t stick around for too long: she was the fourth US-CERT director in five years.
Hopefully, the critical cybersecurity plan will eventually be implemented, without any further delays and resignations. Let’s keep our fingers crossed!
Take it to the cloud. See how it works, explained in plain English.
Device Control and DLP taken to the cloud to help you reduce cost and deploy much faster.
CoSoSys, a leading developer of endpoint security and portable storage device applications, has just released My Endpoint Protector (MyEPP), the first Software-as-a-Service (SaaS) application to deliver Data Loss Prevention and device control “in the cloud”. MyEPP will help companies manage the internal and external security threats created by the broad availability and use of portable data storage devices, while focusing on keeping the impact on IT resources at a minimum. The new web service uses a policy-based approach to enable businesses to manage how data can be used on all endpoints – Desktops, Laptops, Netbooks and more – from a single centralized web console, no matter where those endpoints are located.
Why should you consider a MyEPP subscription?
- Your company will be able to minimize inside threats and prevent data loss and data theft
- The cloud computing approach means you don’t have to worry about server setup, installation or management
- You can access the centralized web-based dashboard remotely, from any computer with an Internet connection and a web browser
- Real time monitoring of all devices used by your employees
- Create your own security policy without the need for additional hardware or software, and without the need for in-house IT security experts
- Enforce your policies easily through customizable templates
- All for prices as low as $2 per PC per month
“Most businesses today are aware that they need to proactively protect both their own intellectual property and customer information held in trust on their systems,” said Roman Foeckl, CoSoSys CEO. “But the thought of having to hire dedicated staff or consultants to install, implement and manage this type of solution has prevented many from taking the steps needed to protect that data.
“My Endpoint Protector makes enterprise-level device control and security accessible to even the smallest organizations without the need for expensive additional equipment or staff. Whether employees work from home, on the road or from remote locations, the security of their desktops and laptops can easily be centrally managed through the cloud.”
If you need more reasons to act now, just go ahead and evaluate the costs of a real data breach!
It seems that centrally managed cybersecurity plans are a catchy trend. Following the White House announcement, the UK is planning to create a centrally managed cybersecurity agency. All the secret operations that are currently going down within the intelligence and security services – Ministry of Defence, Home Office, MI5, MI6 and GCHQ – will be centralized and handled by a separate institution.
The UK plan will soon be made public, sometime before the summer Parliament recess, according to the Register, and will be included in the government’s updated National Security Plan.
The idea of a cyber tsar role, initially launched by US President Barack Obama, might also be implemented by the EU.
“The European Commission is now encouraging member states to cooperate on digital wargames, to simulate attacks from outside the bloc. Commissioners have suggested a European cyber security tsar should be appointed.”
More and more employees choose to overlook data security policies put in place by the companies they work for and engage in activities that could easily lead to data breaches, according to the findings of a new Ponemon Institute survey. The risky activities include taking private records with them on unsecured storage devices, downloading personal software on company systems, turning off security settings and networking on social media sites.
Most members of a company’s staff copy classified data to USB drives or turn off security settings on their work laptops. Compared to the Institute’s 2007 findings, the number of those ignoring company policies has increased.
Here are some highlights of the survey findings, as presented by PC World:
- 69 percent of the 967 IT professionals surveyed copied confidential company data to USB sticks
- those who lost said USB sticks with confidential corporate data on them failed to report it immediately
- almost 31 percent of respondents engaged in social-networking practices on the Web from work PCs
- around 53 percent said they downloaded personal software on corporate PCs