- The threats facing an organization and how these threats can become attacks.
- How to protect the organization's assets from information security attacks.
- How business solutions (including technology-based solutions) can be applied to solve specific information security problems.
The above bullets are the basis and justification for a security professional. Without knowledge of threats and how to address them, the professional is useless for his/her intended purpose.
- How to work with people and collaborate with end-users, and have strong communications and writing skills.
- How an organization operates at all levels.
- That information security is usually a management problem and is seldom an exclusively technical problem.
- The role of policy in guiding security efforts, and the role of education and training in making employees and other authorized users part of the solution, rather than part of the problem.
The above bullets represent the necessity to understand the needs of the specific organization and the ability to work with its employees effectively. While it is most important that you know your field and what you are doing, it is also critical to channel your knowledge efficiently within the organization. This cannot be done if a professional does not work well with others or does not understand the organization and its policies.
- Most mainstream IT technologies (not necessarily as experts, but as generalists).
- The terminology of IT and information security; this is the basis for subsequent knowledge and skills needed for the specific positions.
A professional may not always get a position that is precisely the same as what he/she used to do. In this case it is important to have a general understanding of the latest technologies as well as the specifics of the new position. With a solid knowledge base much of this can be learned quickly, making the transition easy and the employee more versatile.
Temporary and Contract Hires
When dealing with non-employees, organizations are forced to adjust their information access and security policies. These workers represent a potential threat because they are often temporary yet need access to sensitive information. The most important thing an organization can do is limit the information they can access. Often these workers are hired for specific tasks or objectives, so limiting their access to only what those tasks require decreases the possibility of a security problem. Additionally, these workers usually sign nondisclosure agreements for the duration of their engagement, which binds them by contract to keep everything sensitive that they work on to themselves.
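The controls described above (access scoped to the engagement, an NDA on file, and access that lapses with the contract) can be expressed as a small authorization policy. The following is an added example, not code from the original page or from any particular product; the `AccessGrant` and `ContractorAccessPolicy` names, the sample contractor and the resource names are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class AccessGrant:
    """Scope-limited, time-boxed access for a non-employee (hypothetical model)."""
    principal: str
    resources: frozenset        # only the data the engagement actually needs
    not_before: datetime        # engagement start
    not_after: datetime         # contract end; access lapses automatically
    nda_signed: bool            # nondisclosure agreement on file for the engagement


class ContractorAccessPolicy:
    """Evaluates access requests from temporary and contract hires."""

    def __init__(self):
        self._grants = {}

    def add_grant(self, grant):
        self._grants[grant.principal] = grant

    def authorize(self, principal, resource, now):
        """Return (allowed, reason); every denial names the control that failed."""
        grant = self._grants.get(principal)
        if grant is None:
            return False, "no grant on file"
        if not grant.nda_signed:
            return False, "nondisclosure agreement not signed"
        if not (grant.not_before <= now < grant.not_after):
            return False, "outside contract window"
        if resource not in grant.resources:
            return False, "resource outside engagement scope"
        return True, "ok"

    def expiring_within(self, now, days):
        """Principals whose access lapses soon, for an end-of-engagement review."""
        horizon = now + timedelta(days=days)
        return sorted(p for p, g in self._grants.items()
                      if now < g.not_after <= horizon)


# Constructed sample: one contractor engaged for a quarter on a payroll migration.
START = datetime(2024, 1, 1, tzinfo=timezone.utc)
END = datetime(2024, 4, 1, tzinfo=timezone.utc)
DURING = datetime(2024, 2, 15, tzinfo=timezone.utc)
NEAR_END = datetime(2024, 3, 20, tzinfo=timezone.utc)

policy = ContractorAccessPolicy()
policy.add_grant(AccessGrant(
    principal="contractor-1",
    resources=frozenset({"payroll-migration-repo", "payroll-test-db"}),
    not_before=START,
    not_after=END,
    nda_signed=True,
))

if __name__ == "__main__":
    for resource in ("payroll-test-db", "customer-prod-db"):
        print(resource, policy.authorize("contractor-1", resource, DURING))
    print("after contract end:", policy.authorize("contractor-1", "payroll-test-db", END))
    print("review list:", policy.expiring_within(NEAR_END, days=30))
```

The design point is that every check is a positive condition the grant must satisfy: no grant, no NDA, a lapsed contract, or a resource outside the engagement all deny. The `expiring_within` list exists so that someone reviews, rather than silently extends, access that is about to lapse.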
CISO?
- Manages the overall information security program for the organization
- Drafts or approves information security policies
- Works with the CIO on strategic plans, develops tactical plans, and works with security managers on operational plans
- Develops information security budgets based on available funding
- Sets priorities for the purchase and implementation of information security projects
- Makes decisions or recommendations on the recruiting, hiring, and firing of security staff
- Acts as the spokesperson for the information security team
The CISO is often qualified as a Certified Information Systems Security Professional (CISSP). Additionally, the CISO usually has a graduate degree in a related field. He/She must have experience as a security manager, including planning, policies and budgets. In some cases law enforcement experience is preferred.
Interviews / Secure Facility Touring
An interview does not guarantee a candidate has obtained the desired position. Because of this, it is important to exercise caution when exposing the candidate to secure areas. It is possible for the candidate to gain enough information to become a threat from such exposure.
Separation of Duties
Separation of duties is a common security practice used to reduce the risk of control being placed in too few hands. The idea is that by requiring more than one person to complete a duty, control is shifted to multiple parties. This automatically reduces the possibility of one corrupt employee using their job duties for unauthorized activities: both or all parties would need to be willing and able to commit the unauthorized act. It also helps prevent errors, since two perspectives are applied to the same task, further reducing security issues.
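The principle above is usually enforced in software as a maker/checker workflow: the person who requests a sensitive action cannot be one of the people who approve it, and the action does not run until enough distinct approvers have signed off. The following is an added example written for this page, not code from the original or from any specific product; the `DualControlWorkflow` class, the role names and the wire-transfer scenario are constructed for illustration.

```python
from dataclasses import dataclass, field


class SeparationOfDutiesError(Exception):
    """Raised when one person would hold more than one role in a single duty."""


@dataclass
class SensitiveRequest:
    request_id: str
    requester: str                                   # the "maker" who proposes the action
    action: str
    approvals: list = field(default_factory=list)    # distinct "checkers" who signed off
    executed: bool = False


class DualControlWorkflow:
    """Requires `required_approvals` distinct approvers, none of whom is the requester."""

    def __init__(self, approver_role, required_approvals=1):
        self.approver_role = set(approver_role)      # who is allowed to act as a checker
        self.required = required_approvals
        self.audit_log = []                          # (request, event, actor) for later review

    def approve(self, req, approver):
        if approver not in self.approver_role:
            raise SeparationOfDutiesError(f"{approver} does not hold the approver role")
        if approver == req.requester:
            raise SeparationOfDutiesError("a requester may not approve their own request")
        if approver in req.approvals:
            raise SeparationOfDutiesError(f"{approver} has already approved {req.request_id}")
        req.approvals.append(approver)
        self.audit_log.append((req.request_id, "approve", approver))
        return len(req.approvals)

    def execute(self, req):
        if req.executed:
            raise SeparationOfDutiesError(f"{req.request_id} already executed")
        if len(req.approvals) < self.required:
            raise SeparationOfDutiesError(
                f"{req.request_id} has {len(req.approvals)} of {self.required} required approvals")
        req.executed = True
        self.audit_log.append((req.request_id, "execute", req.requester))
        return f"executed {req.action} for {req.requester}"


def run_scenario():
    """Constructed scenario: alice requests a wire transfer; two other approvers are needed."""
    wf = DualControlWorkflow(approver_role={"alice", "bob", "carol"}, required_approvals=2)
    req = SensitiveRequest("REQ-1", requester="alice", action="wire transfer")
    outcomes = {}
    try:
        wf.approve(req, "alice")          # alice holds the role but made the request
    except SeparationOfDutiesError as exc:
        outcomes["self_approval"] = str(exc)
    wf.approve(req, "bob")
    try:
        wf.execute(req)                   # only one of the two required approvals so far
    except SeparationOfDutiesError as exc:
        outcomes["premature_execute"] = str(exc)
    wf.approve(req, "carol")
    outcomes["result"] = wf.execute(req)
    outcomes["audit"] = list(wf.audit_log)
    return outcomes


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Note that holding the approver role is not enough: the check is on the identity of the person relative to this request, so the same individual can be a maker on one request and a checker on another but never both on the same one. The audit log records who played which role, which is what makes collusion detectable after the fact.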
Published by Mojo21