Is Cyber Security Your Next Career: (ISC) Global Information Security Workplace Study

The recent (ISC) Global Information Security Workplace Study illustrates the issue of Filling the Cybersecurity Gap in stark detail. The report projects that the global information security workforce shortfall will reach 1.5 million workers in five years.

The nearly 14,000 qualified information security professionals who took part in the study are already struggling with this: Only half believe their organization is capable of sufficiently discovering and recovering from a breach.

As a result, only one-fifth indicate that they can complete remediation after a system or data compromise within a day (down from 33% in 2011). Other findings reveal additional, troubling developments: With an insufficient pool of avail-able, suitable job candidates, 62% of respondents say that their organization has too few information security professionals, up from 56% in 2013.

Two-thirds are concerned about security technology “sprawl”—a significant increase in the number of tech products, vendors and management consoles, leaving 64% of respondents saying they face challenges in training in-house security personnel to “cover all of our technolog ies.”

Cybersecurity as a vocation continues to “go gray,” with fewer young people taking this career path. Just 6% of respondents were under age 30, and the average age was 42. More than three out of five are 40 or older.Education and training remain key, as many organizations are now recognizing. To retain current staffers, 61% of survey respondents said they need to offer training programs, and 59% said their company is willing to cover staffers’ professional security certification expenses.

In terms of the most in-demand skills required to respond to the threat landscape over the next three years—and thus critical areas of training focus—respondents ranked risk assessment and management at the top (55%); followed by incident investigation and response (52%); governance, risk management and compliance (48%); analytical skills (42%); and architecture (38%).

Get your cyber security / risk management training or certification through www.ermgovernance.com

Comments

How to benefit from a Fishbone or Ishikawa Diagram for Root Cause Analysis

What is root cause analysis? Root cause analysis is a structured process that helps healthcare, manufacturing and service sector managers and leaders in identifying contributing factors or causes of an accident, error, problem, event or occurrence. An accident, error, problem, event or occurrence are usually a result of a system rather than an individual mistakes. Understanding the system itself and contributing factors or causes of a system failure can help in preventing recurrences. Actions that are taken to address system failure helps in sustaining the improvements or corrective actions. What is a fishbone or ishikawa diagram? Each and every outcome or effect is an end result of actions taken/omitted or in general causes/ A cause and effect diagram representing this relationship between cause and effect is called a called a fishbone or ishikawa diagram. A fishbone diagram is a visual way to represent cause and effect. It is a more structu...

New Legislation Brings Additional Compliance Requirements For Helathcare Organizations in Ontario

The Ministry of Health and Long-Term Care released its statement indicating that the new legislation will strengthen privacy, accountability and transparency in the Health Care System. The Act introduces new measures that put patients first by improving privacy, accountability and transparency in the health care system. The changes introduced to HIPA ensures that Ontario remains the leader in health information and privacy protection across Canada. The Act will amend existing legislation: Making it mandatory to report privacy breaches to the Information and Privacy Commissioner and, in certain circumstances, to relevant regulatory colleges. Strengthening the process to prosecute offences under the Personal Health Information Protection Act by removing the requirement that prosecutions must be commenced within six months of when the alleged offence occurred. Doubling the maximum fines for privacy offences from $50,000 ...

SRM: Strategic Risk Management

What is SRM / Strategic Risk Management? Strategic risk management (SRM) is best described as the process of identifying, assessing, and managing any risk that affects organization's strategy, strategic objectives, and strategy execution. Does your organization have a such process? If you answered yes!, great. Your organization is ahead of many by having a strategic risk management. That’s great! Because that means you have overcome the challenges I talk about in my 5-part video series on Linking ERM to Strategy. The best and simplest way to describe the strategic risk management process is to say that it requires managing key input variables (internal and external environments) and key output factors (mission, objectives, strategy, and policies). These factors influence how strategy formulation, implementation, and evaluation and control are related, and how a change in any one factor (e.g., corporate objectives) affects other factors (e.g., strategies, policies, pro...

Enterprise Risk Management Governance Inc.

Search This Blog