ABSTRACT
As organizations become more dependent on information technology for survival, information security
emerges as one of the most important concerns facing management. The increasing variety of threats
and ferociousness of attacks has made protecting an organization’s information resource a complex
challenge. Improved knowledge of the critical issues underlying information security can help
practitioners and researchers to understand and solve the most challenging problems. With this
objective, the International Information Systems Security Certification Consortium (ISC)² teamed up
with Auburn University researchers to identify and study the top information security issues in two
sequential, but related, surveys. The first survey involved a worldwide sample of 874 certified
information system security professionals (CISSPs) who ranked a list of 25 information security
issues based on the most critical issues facing organizations today. The survey results produced some
interesting findings. The criticality of top management support was demonstrated by the respondents
who ranked it 1 of 25 issues. This finding suggests that top management support is the most critical
element of an organization’s information security program. As one study participant put it, “Management
buy-in and increasing the security awareness of employees is key. Technology is great, but
without management’s backing, all the bits in the world won’t help.” Based on the results of this
survey, gaining senior management support is arguably the most critical issue influencing information
security effectiveness today.

Opinions, conclusions, and recommendations expressed or implied within are solely those of the authors and do
not necessarily represent the views of USAFA, USAF, the DoD or any other government agency.