Certified security pros highly valued but under-prioritised: ISACA

Security professionals with formal industry certifications are commanding among the highest salaries in the IT industry, peak security body ISACA has argued as it commemorates the certification of its 25,000th Certified Information Security Manager (CISM) since 2002.

The milestone reflects the growing importance of formal industry certifications to security professionals, ISACA noted, despite recent research showing that many security positions remain unfilled and nearly two-thirds of companies have not increased their security training budgets this year.

CISM, one of four certifications from ISACA, has been accredited under the ISO/IEC 17024:2003 standard and feeds ongoing industry demand that made it one of the highest-paying certifications in the latest Foote Partners IT Skills Demand and Pay Trends Report.

Senior executives' “insistence on security for customers whose sensitive information flows across enterprise networks...has put tremendous pressure on IT leadership to execute flawlessly and predictably,” the Foote report states.

“For many companies, this can only be achieved with a dramatic transformation of the IT organisation and everyone who works in it. They have to architect their human capital, not just their systems and applications.”

The ISACA 2014 Advanced Persistent Threat (APT) Awareness Study found that, despite the growing recognition of the threat APTs pose, 62 percent of companies did not spend more on security training this year to match.

With estimates suggesting nearly 1 million security-related positions remain unfilled, ISACA has recently ramped up its efforts to encourage investment in industry certifications and training. Last month it launched Cybersecurity Nexus (CSX), an online education program designed as “a single, central location where security professionals and their enterprises can find cybersecurity research, guidance, certificates and certifications,” and other resources.

CISM isn't the only certification attracting the big bucks: specialised certifications such as Certified in Risk and Information Systems Control (CRISC), EC-Council Certified Ethical Hacker (CEH), Information Systems Security Engineering Professional (ISSEP/CISSP) and Information Systems Security Management Professional (ISSMP/CISSP) were all singled out in the Foote analysis as being among those certifications attracting “above average pay premiums” now – and expected to continue to do so in the next three to six months.

“Information security managers are being recognised for the value they bring to enterprises,” ISACA international vice president Allan Boardman said in a statement. “The CISM designation verifies the knowledge and experience needed by a successful information security manager.”

CISM exams are offered three times a year around the world, and cover four domains: information security governance; risk management and compliance; security program development and management; and incident management. They also require evidence of relevant work experience.

ISACA, which recently marked its 45th anniversary, has also launched the first five of what will be more than 30 COBIT-aligned audit and assurance programs to be released in 2014. It also recently began offering digital 'badges' that allow certification holders to attest to their security expertise within online resources.

Stories by David Braue