InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘Survey’

SANS 2008 Salary and Certification Survey

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 11, 2009

The SANS Salary and Certification Survey, which was conducted in November 2008 with a total of 2,120 respondents, came out early last month with the following conclusion:

“Despite the current economy, the demand for qualified information security professionals is predicted to increase through 2016, according to the Bureau of Labor Statistics. Those with formal education and professional certifications have the best opportunities to advance their careers as well as their salaries.

Security threats reached their highest levels in 2008 and are predicted to increase in 2009. With external as well as internal threats, commercial organizations, financial institutions, state and local governments and the military will continue to require qualified information security professionals to protect their systems and data. With an average entry-level (0 – 2 years of experience) salary of $70,807, security professionals are expected to hold a certain level of education, certifications, and experience as well as pursue a variety of informal and formal continuing education efforts to stay current in the industry.”

Check out the SANS 2008 Salary and Certification Survey here.

Posted in Certification, Survey

Global InfoSec Surveys and Adobe Reader Vulnerabilities

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 8, 2008

Ernst & Young’s 2008 Information Security Survey

EY released their Global Information Security Survey 2008 a few weeks ago. The survey was conducted from June 6 – August 1, 2008, in more than 50 countries and with nearly 1,400 participating organizations.

Some of the key findings were:

  • Protecting reputation and brand has become a significant driver for InfoSec
  • People remain the weakest link
  • International InfoSec standards are gaining greater acceptance
  • Growing third-party risks are not being addressed
  • Business continuity still bound to IT

Another notable finding is that despite the current period of economic pressure and slowed growth, only 5% of respondents indicated a planned reduction in InfoSec expenditures, while 50% were planning to increase their investment in InfoSec. This is supported by similar numbers from CIO Magazine, CSO Magazine and PWC’s Global state of information security survey 2008 (pdf, 2.79 MB). Key highlights are stated here, and another summary can be found in a NetworkWorld.com article.

For more information about the survey, click here. If you want a pdf copy of Ernst & Young’s 2008 Global Information Security Survey (1.42 MB) click here. For other informative pdfs from Ernst & Young regarding InfoSec, check out their Technology and Security Risk Services page.


Adobe Reader vulns remind us why updating ASAP matters

What I mean by ASAP here is after the correct patch management or change management procedures have been done. Patching/updating with no concern for proper procedures can easily lead to downtime and possibly even more vulnerabilities.

I’m saying this after the SANS Internet Storm Center came across PDF files that exploited the recently found JavaScript buffer overflow vulnerability. They also took note that at the time of writing (Nov 7, 2008) NO ANTI VIRUS could detect the malicious PDF.

However, had you updated your Adobe Reader to version 9 (Windows systems) a few weeks back, you wouldn’t even have needed to think about the problem.

Posted in ISMS, News, vulnerability