Many institutions - in and out of government - would hire more IT security professionals if they could be found. According to our analysis of BLS data, there's virtually no unemployment among IT security pros, creating a dearth of IT security specialists.
"The CRMA will give us a heightened awareness of our responsibility in not just evaluating operational or compliance risks, but understanding strategic risks to the business," says Denny Beran of J.C. Penney.
When Mano Paul of (ISC)2 discusses today's top application security challenges, he draws an analogy with sharks. And what he views as the skills needed to tackle today's top threats might surprise you.
The growing IT security profession - which shows virtually no unemployment, according to government data - remains the domain of white and Asian men with a scarcity of women, African Americans and Latinos.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
The threat landscape has evolved, and India's banking institutions must grow their information security strategies, says Anand Naik of Symantec, which just released a report that offers a new security agenda to institutions.
In the areas of risk management and business continuity, security professionals have advanced significantly since Sept. 11, 2001. But there's still an issue of complacency that needs to be addressed, says Rolf von Roessing, past international vice president of ISACA.