The number of security professionals will nearly double, rising to 2.1 million by 2008, predicts the International Information Systems Security Certification Consortium, or (ISC)2. The rate of growth will vary by region, however, according to the group's Global Information Security Workforce Study. For example, growth of about 12 percent annually is anticipated in the Americas, while growth of about 18.3 percent is expected in the Asia/Pacific region.

The study, conducted by market intelligence firm IDC, was based on a questionnaire filled out by 5,371 respondents from more than 80 countries.

Another issue concerned corporate hierarchy. The survey asked the question, "Who does the information security group report to?" About a third of the respondents said they report to the IT department, but 17 percent said they report to the security department, and the same number said they report to executive management.

A chief information officer (CIO) was said to have ultimate responsibility for information security at nearly 40 percent of the organizations surveyed; a chief security officer (CSO) was in charge of information security at just over 20 percent of respondents' companies--but this was a catch-all title and may not indicate whether the title has gained acceptance among the IT community around the world. CEOs or chief technology officers (CTOs) had ultimate responsibility for their organizations' IT security at slightly over 10 percent of companies.

The 42 percent of respondents responsible for making hiring decisions were asked to rate the importance of security certifications for new hires, and, like their physical-security counterparts, these received high marks. More than 93 percent said security certifications are somewhat or very important when hiring decisions are made.isc_cyberpros0205_0.pdf