A recent study by Creative Intellect Consulting UK found that employees are not following key software security processes, managers are not fully supportive of improving security, and many security specialists need better training to deliver secure software. Hord Tipton, executive director of (ISC)2, highlighted the results in a recent blog post and noted some key management changes the federal government must make.
"The culture and attitude or, to be more succinct, the lack of the right mind set for delivering and maintaining secure software, throws light on some worrying concerns," Tipton writes. "It begs the question as to whether organizations have the capacity for and are ready to deliver secure software targeting next-generation technologies such as cloud computing and mobile delivery platforms."
Tipton draws three key conclusions for reforming federal information security: federal managers must commit to information security, agencies must change their cultures to better recruit and retain cyber workers, and they must provide better education and process support.
The study was based on a survey of (ISC)2 members along with other software development, IT and information security professionals from around the world.
The 2011 Global Information Workforce Survey released last month by (ISC)2 and Frost and Sullivan also highlighted the need to improve education and training of cyber professionals, particularly regarding cloud computing. On management buy-in, however, that study reached the opposite conclusion from the Creative Intellect study. It found that many information security professionals feel they have finally achieved management buy-in within their organizations, Tipton wrote.