ABSTRACT
As organizations become more dependent on information
technology for survival, information security emerges as
one of the most important concerns facing management.
The increasing variety of threats and ferociousness of
attacks have made protecting an organization’s information
resource a complex challenge. Improved knowledge of the
critical issues underlying information security can help
practitioners and researchers to understand and solve the
most challenging problems. With this objective, the
International Information Systems Security Certification
Consortium (ISC)² teamed up with Auburn University
researchers to identify and study the top information security
issues in two sequential, but related, surveys. The first
survey involved a worldwide sample of 874 certified information
system security professionals (CISSPs) who ranked
a list of 25 information security issues based on the most
critical issues facing organizations today. The survey results
produced some interesting findings. The criticality of top
management support was demonstrated by the respondents
who ranked it number 1 of 25 issues. This finding suggests that top
management support is the most critical element of an
organization’s information security program. As one study
participant put it, “Management buy-in and increasing the
security awareness of employees is key. Technology is
great, but without . . . management’s backing, all the bits
in the world won’t help.” Based on the results of this
survey, gaining senior management support is arguably the
most critical issue influencing information security
effectiveness today.

Opinions, conclusions, and recommendations expressed or implied
within are solely those of the authors and do not necessarily
represent the views of USAFA, USAF, the DoD, or any
other government agency.