Information Security Skills in Short Supply

A new survey detailing internal audit skills and competencies caught my eye. Among other findings, this Protiviti report identifies the three internal audit skills in greatest need of improvement. ISO 27000 competencies topped the list. Say what?

It turns out that this series of international standards relate to information security. If you need to find out more (I did) click to http://www.27000.org. Enterprise risk management (ERM) and "fraud risk management" competencies followed information security on this "needs improvement" list. I felt better when I saw those two needs; most of my recent research in the magazine examines processes related to ERM -- or GRC -- and fraud reduction.

Protiviti's Bob Hirth -- someone whose internal audit and GRC insights I've tapped for many years -- points to companies' growing reliance on IT-generated data as well as the growing number of data security breaches as prime reasons that internal auditors believe they need to strengthen their information security skills.

The 28-page report, available in PDF format, contains much more information about the current state of internal audit.