CSO Online recently released the results of a survey on security management at http://www.csoonline.com/read/010105/survey_results_3218.html.

Here is the methodology and demographics information:

Methodology
The Security Capability Model survey was posted online at CSO’s website and at the CERT website. The 539 responses were accumulated over the first six months of 2004. Respondents’ titles included manager or director of security (29%), CISO or CSO (16%), manager or director outside of security (14%), and other (41%). Thirty-four percent of respondents’ companies have less than $50 million in revenue, 25% between $50 million and $500 million, 24% between $500 million and $5 billion, and 17% more than $5 billion. The industries most heavily represented in the response base were finance/banking/accounting (14%), health care/pharmaceutical (12%), manufacturing (11%) and government (10%).