This demand is expected to fuel salaries for federal chief information officers (CIOs) and chief information security officers (CISOs), which are already at healthy levels. The survey found that 57% of federal CIOs and CISOs report salaries of $100,000 or more annually, compared to just 42% of worldwide respondents.
“The government needs trained information security professionals to protect the nation’s critical infrastructure, and the good news is salaries appear to be competitive compared to the commercial sector, one area where the government has traditionally struggled to compete,” the report said.
The survey of 145 C-level federal government personnel, which was part of the broader 2011 (ISC)² Global Information Security Workforce Study released earlier this year, identified a number of security challenges facing government security professionals. These include the use of personal devices in the federal workplace, as well as the government's push to adopt cloud services and use social media to improve information sharing and efficient among agencies.
A full 66% of respondents identified the use of personal mobile devices in the organization as a potential security threat, second only to application vulnerabilities at 73%. According to the survey, 58% of respondents said that mobile devices pose a very significant or somewhat significant risk in federal agencies.
“The top threat concerns for both the US government and the world as a whole…are now mobile devices and application security. Those two are connected if you think about it”, said W. Hord Tipton, executive director of (ISC)². “With the rollout of iPhone and iPad, we now have over 300,000 applications that have received a certain level of scrutiny, but not nearly enough to satisfy a paranoid security person”, he told Infosecurity.
Social media is being used more and more by government as a tool to connect directly to citizens, track comments from the public about services, and provide citizens with greater access to information, the report noted. According to the survey, 50% of respondents listed social media as an important government tool.
However, greater use of social media also increases the security concerns about its use. According to the survey, 65% of respondents said they had content filtering and website blocking technology in place, but a full 20% of respondents said they had no restriction on the use of social media by their employees.
“You add social media…and you have more and more information out there, you have more and more exposure. It’s hard to image the risks and the threats that people have to deal with”, Tipton said.
Federal security professionals are also concerned about the push to the cloud. Exposure of confidential or sensitive information and data loss or leaks are the greatest cloud security concerns for them, with 94% rating this as a top issue. Weak system access controls, susceptibility to cyber attacks, and disruption in operations ranked lower in security concerns.
“The US government has a mandate get 50% of their services into the cloud over the next 17 months. So the intent is to get there. They do have their eyes on security along with that. It’s a matter of jumping into the deep end of the pool. You are going to make some mistakes, and people are going to have lessons to learn. But that’s innovation”, Tipton said.