CompTIA Security Study Proves Value of Certification

The annual CompTIA security study, titled Trends in Information Security: A CompTIA Analysis of IT Security and the Workforce, shows that security training has saved U.S. companies $2.2 million in total, much of which is due to a reduction of server/network downtime and fewer impacts to employee productivity. Likewise, the provision of IT security certification has saved U.S. companies over $675,000 in total for similar reasons.

The study found that the most widespread threats in the U.S. today stem from spyware , the lack of user awareness, and virus and worm attacks. Canadian organizations indicate riskier browser-based attacks and wireless networking security while Chinese organizations indicate significant threats from spyware, viruses, worms, and browser-based attacks.

The percentage of their IT budget that companies dedicate to security is growing year after year. In the United States , companies earmarked 12 percent of their IT budget in 2007 for security purposes – up from only 7 percent in 2005. The bulk of these dollars are used to procure security-related technologies.

Companies spend substantial amounts on prevention because security breaches can be costly if they occur. In the past year, U.S. firms shelled out an average of more than $200,000 as a result of security breaches, a third of which was attributed to the loss of employee productivity. Moreover, in the last year in the United States, Canada and UK, IT staff members spent more than 10 percent of their time dealing with security breaches, and in China, almost 20 percent of their time.

Nearly 60 percent of U.S. companies require IT security training for IT staff and more than half make training available to non-IT staff. Companies are also increasingly requiring IT security certification. Nearly 33 percent of U.S. firms make certification required now compared to only 25 percent in 2006 and 14 percent in 2005. However, a full 78 percent of organizations in China require certification.

CompTIA Security+ is an ideal certification to prove you know IT security. CompTIA Security+ validates knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts. It is an international, vendor-neutral certification that is taught at colleges, universities and commercial training centers around the world.

Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience, with an emphasis on security. Because human error is the number one cause for a network security breach, CompTIA Security+ is recognized by the technology community as a valuable credential that proves competency with information security.

For more information, visit certification.comptia.org/security+.