PRESS RELEASE

Palm Harbor, Fla., U.S.A., June 4, 2009 " The final results of a survey conducted by (ISC)2' ("ISC-squared"), the not-for-profit global leader in educating and certifying information security professionals throughout their careers, suggests that information security professionals can look forward to a future with new jobs coming onto the market and fewer expected budget cuts. The survey also indicated, however, that hiring managers are struggling to fill positions as candidate salary expectations and skill levels do not meet current demand. Of the more than 2,800 (1,593 U.S.) professionals participating in the survey, 775 had hiring responsibilities, with 44 percent of those looking to hire additional information security staff this year and over 11 percent planning to add more than three people. The areas of expertise most sought after by those seeking candidates were (in order of highest demand): operations security, information risk management, access control systems and methodology, applications and systems development security, and security management practices.

Despite economic conditions, over 80 percent of hiring managers identified that they are challenged in their efforts to find the right candidate. The range of concerns included a lack of desired skills, a lack of available professionals within a local area, and salary demands that were too high for available budgets, particularly from people who had previously worked within the troubled financial services sector.

(ISC)2 conducted the survey in April and May 2009 to gain insight on the impact the economic downturn is having on its certified membership and their employers. Members were asked about the effect on various budgets and their organization and asked about their expectations for the future. They confirmed that outsourcing is having an impact but that activity on this front may be slowing " 30 percent had reported increased levels of outsourcing of security functions, while only 18.7 percent expected the situation to worsen in the next six months.

Over two-thirds (nearly 72 percent) of respondents said their information security budgets had been reduced in the six-month period from October 2008 " March 2009, and roughly half (53.6 percent) revealed that their information security departments had experienced at least one lay-off in the past few months. Looking forward, 62 percent said they did not expect any additional information security budget cuts for the remainder of the year, while nearly 9 percent expected an increase. Fifty-nine percent said no additional personnel cuts would be forthcoming the remainder of the year.

"In this environment, companies may be tempted to make rash security decisions in their panic to cut costs," said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, executive director for (ISC)2. "Organizations are advised to proactively analyze how cuts affect their risk profile and avoid costly repercussions resulting from breaches and mandated reparations."

The survey confirms that companies are making their adjustments at a time when they are experiencing more attacks.

Organizations have experienced an increased impact during the economic downturn across several fronts, including internal hacking against the system (18.4 percent); external attacks against the system (33.3 percent); theft of intellectual property (27.8 percent); and fraud and embezzlement (28.3 percent). (ISC)2 conducts research regularly to gain insight on the state of the information security workforce and offers programs of support for members seeking new employment and career enhancement. Current resources developed to support job seekers include: