Stats Watch: How do your security plans compare?

Last week we had a glimpse at what was happening in the local IT security market - fair growth was expected in the market, especially if vendors get to grips with the needs of a small business-heavy market and/or managed services.

The minds of US IT executives have been greatly sharpened toward security over the past year. Forrester Research says 76% of the largest 3500 firms in the US plan to raise or maintain security spending (typically 0.24% of revenue), despite flat overall IT spending. Annual growth of 12% in security spending is expected through to 2006.

The intention is there, but what are IT execs stateside up against?

Justifying a budget increase. (In one survey of CIOs, spending on IT security takes $8.40 out of every $100 of the IT budget, technology products getting 42%.)

Implementing security plans. (Months after 9/11, a survey of 459 CIOs by Ernst & Young found that just 53% of companies had business continuity plans, and less than half had IT security awareness and training programmes for employees.)

Unified security programmes for protecting buildings, people and networks. (Challenges: managing privacy, risk, financial issues, policy; blending budgets and skill sets; top-notch strategic planning and communication.)

Finding the optimal trade-off between security and convenience.

Appointing a security executive. (Of 276 companies surveyed by CIO magazine in the US, 47% have a point person such as a chief security officer in charge of efforts. These companies spend 15% of their IT security budget on staff, compared to 6% for those without a CSO or equivalent.)

However, other firms say security should be the focus of every IT employee. You could always see if it’s cheaper to have an outside company manage your VPN firewalls, content filters and intrusion detection systems. The jury’s still out on that one, but there’s no doubt that backing up the technology with highly trained people who can do the assessment, patches and alarm correlation, decipher the logs and actually deter intrusions is a big ask for any IT department.

The good news for security heads is that out of nearly 30,000 US IT workers in dozens of occupations — from data warehousing to e-commerce — those with security-related jobs were alone in receiving a 9% pay hike, on average, from last year.

For more resources about security standards, see Score, Owasp.org, and Cisecurity.org. For the US government’s secure cyberspace plan, see here.

Email Broatch.
