CompTIA的IT安全培训和认证调查报告 --王茜翻译

IT Security Training, Certification Paying Off for Organizations
IT安全培训和认证为企业带来回报
CompTIA study finds high demand for experienced security pros
CompTIA研究发现企业对具备安全工作经验的专业人员有较高需求

Hong Kong; April 26, 2004 – Organizations investing in security training and certification for their information technology (IT) personnel are less likely to experience major security breaches, according to a recent study on IT security by CompTIA, the Computing Technology Industry Association.
2004年4月26日香港讯 ——美国计算机技术行业协会（CompTIA）最近在IT安全领域进行的研究表明，对信息技术（IT）员工的安全培训和认证进行投资的企业，遭受重大安全侵犯的可能性更低。

Organizations with at least one-quarter of their IT staff trained in security reported fewer security breaches (46.3 percent) than organizations with less than one-quarter of IT staff trained in security (66.0 percent). Among those who have invested in IT security training, 80 percent feel that their security has improved; 70 percent of those who have invested in certification feel the same way. Nearly 900 organizations across a range of industries, including education, financial services, government, health care, IT, and manufacturing, participated in the second annual CompTIA study.
对至少四分之一IT员工进行安全培训的企业所报告的安全侵犯（46.3%），低于对不到四分之一的IT员工进行安全培训的企业（66.0%）。在投资IT安全培训的企业中，80%感觉到其安全性得到了改善；而投资认证的企业中70%也有类似感觉。来自教育业、金融服务业、政府机构、卫生保健业、IT业和制造业等不同行业的将近九百家企业参与了第二届CompTIA研究。

“There is growing recognition that training and certification are key elements in improving IT security,” said John Venator, president and chief executive officer, CompTIA. “Now more than ever, organizations realize that information and intellectual property are their lifeblood. They also realize that it’s easier than ever for people to access, lose or steal this information. Anyone with a PC, a laptop, a mobile phone, or a PDA is a potential threat to security.”
CompTIA总裁兼CEO约翰·维纳托说：“越来越多的人正在逐渐认识到，培训和认证是改善IT安全的关键因素。现在，更多企业认识到，信息和知识产权是他们的命根子。他们还意识到，现在的人们比以往任何时候都更容易接触到、丢失或盗窃这些信息。只要有一台PC、一台笔记本电脑、一部移动电话或者一个PDA，任何人都可以对安全构成潜在威胁。”

In remarks delivered today in Hong Kong at Business Week’s 13th Annual Asia Leadership Forum, Venator said the real and perceived improvements in security are accompanied by hard numbers when the return on investment (ROI) from training and certification are discussed. The CompTIA study found that the median value of estimated ROI for training is $20,000 per trained employee per year; while the median value for ROI for certification is $25,000 per certified employee per year.
在今天于香港举行的《商业周刊》第十三届亚洲领袖论坛上，维纳托做了发言，指出，就培训和认证所带来的投资回报（ROI）而言，安全投资所带来的实际和预期效果得到了强有力的数字支持。CompTIA研究发现，安全培训ROI的预计平均值是，每年每位被培训员工20 000美元，而安全认证ROI的预计平均值是，每年每位获得认证的员工25 000美元。

More organizations are requiring security training (30.2 percent, up from 23.2 percent a year ago) and security experience (28 percent, up from 18.8 percent) for their new IT staff hires. In fact, past experience in IT security has surpassed self-study as the second-most effective training tool, behind only “hands-on” training.
现在，越来越多的企业对其新雇佣的IT员工提出安全培训（从一年之前的23.2%上升到30.2%）和安全工作经验（丛18.8%上升到28%）方面的要求。实际上，IT安全方面的以往工作经验，已经超过自学，成了仅次于“职业实习”培训的第二种最为有效的培训工具。

“Anyone can claim to be astute in the area of IT security,” Venator said. “But organizations today are looking for individuals with proven security experience. Obtaining industry-recognized certification, such as CompTIA Security +, is one way in which IT professionals can demonstrate their expertise.”
维纳托说：“任何人都可以声称自己精通IT安全知识，但是今天，企业正在寻找的是具备经过验证的安全工作经验的个人。取得CompTIA Security +等已经得到行业认可的认证，是IT专业人员证实其所具备的专业知识的方法之一。”

More than two-thirds of organizations (68 percent) believe that vendor-neutral IT security training and certification is better than that offered by a particular vendor because vendor-neutral training lays the necessary foundation for maximum return from vendor-specific training. Even respondents who show a preference for vendor-specific certification indicate that vendor neutral certification plays a key role in ensuring an appropriate depth of knowledge in their staff – knowledge that is not limited to a particular brand or platform.
超过三分之二的企业（68%）相信，厂商中立的IT安全培训和认证，优于由某位厂商提供的安全培训和认证，因为厂商中立培训为企业从具体厂商培训中获得最大收益打下了必要基础。即使是偏爱具体厂商培训的被调查者也表示，厂商中立认证对于保证其员工获得相当深度的知识起到了关键作用，而这种知识是不局限于某一具体品牌或平台的。

Security training and certification are extending deeper into IT departments, the CompTIA survey found. Fifteen percent of organizations require all IT staff to have such training; and 31 percent of organizations require at least half their IT staff to be trained in security matters. The comparable figures for last year were 11 percent and 22 percent.
CompTIA 调查发现，安全培训和认证正在更深入地渗透到各个IT部门中。百分之十五的企业要求所有IT员工经过这类培训，31%的企业要求至少一半IT员工要经过安全问题方面的培训。而去年的对比数字分别是11%和22%。

Among specific job positions, increases in security training were reported for director level (up 6 percent), engineering level (up 14 percent), project manager level (up 14 percent), and product developer level (up 10 percent).
CompTIA得到的报告显示，在具体工作职位方面，董事层、工程师层、项目经理层和产品研发员层的安全培训数字都有所增加（分别上升了6个、14个、14个和10个百分点）。

The study also found that that increasing percentages of IT budgets are being spent on security. Nearly one in four respondents (22 percent) said they will spend 20 percent or more of their total IT budget on computer security. That’s up from 15 percent last year.
研究还发现，现在，0更多IT预算经费被用于安全方面。每4个被调查者中几乎就有一个（22%）指出，他们会将其整个IT预算的至少20%用于计算机安全方面。这个数字与去年相比上升了15个百分点。

The study was conducted for CompTIA by TNS Prognostics of Palo Alto, Calif., a leader in customer research based consulting for the IT industry.
该研究是由加利福尼亚帕洛·阿尔托市的TNS Prognostics为CompTIA完成的。TNS Prognostics是IT产业著名的用户研究顾问公司。

About CompTIA
CompTIA is a global trade association representing the business interests of the information technology industry. For more than 22 years CompTIA has provided research, networking and partnering opportunities to its more than 19,000 members in 89 countries. The association is involved in developing standards and best practices, and influencing the political, economic and educational arenas that impact IT worldwide. More information is at www.comptia.org.
关于CompTIA
CompTIA是一家全球性行业协会，代表信息技术产业的商业利益。22年来，CompTIA为其来自89个国家的一万五千多个成员提供了大量研究、联网和合作机会。该协会的主要工作是设计行业标准和最佳实践，并对左右全世界IT产业的政治、经济和教育舞台施加影响。欲知详情，请访问www.comptia.org