Management support of security policies is the most important element in effectively securing organizations’ infrastructure, according to the third annual Global Information Security Workforce Study, conducted by analyst firm IDC and sponsored by the (ISC)².
The list of imperative ingredients for a secure infrastructure also included having users follow security policy, having qualified security staff, and software and hardware solutions. Responses came from more than 4,000 information security professionals in over 100 countries.
For more on security, see The Gatekeeper: Talking Data Security with Visa CIO Mike Dreyer
Technology as an enabler, but not the solution, for implementing a sound security strategy was an ongoing theme in the results.
Processes and people were also highlighted in responses; these are areas which have been traditionally overlooked in favor of trusting hardware and software to solve security problems.
The study, released Oct. 25, found that increasingly, responsibility for security information assets is shifting from the CIO to other senior managers, and in many cases, outside IT altogether to chief financial and chief risk officers and legal and compliance departments.
Read the full story on eWEEK.com: Study: Technology Not an IT Security Solution