MANAGEMENT of INFORMATION SECURITY, Fifth Edition.

INTRODUCTION TO PERSONNEL AND SECURITY
Management of Information Security, 5th Edition, © Cengage Learning

Introduction to Personnel and Security
Maintaining a secure environment requires that the InfoSec department be carefully structured and staffed with appropriately skilled and screened personnel.
It also requires that the proper procedures be integrated into all human resources activities, including hiring, training, promotion, and termination practices.

Staffing the Security Function
Selecting an effective mix of information security personnel requires that you consider a number of criteria; some are within the control of the organization, and others are not.
In general, when the demand for personnel with critical information security technical or managerial skills rises quickly, the initial supply often fails to meet it.
As demand becomes known, professionals enter the job market or refocus their job skills to gain the required skills, experience, and credentials.

Qualifications and Requirements
To move the InfoSec discipline forward:
– The general management community of interest should learn more about the requirements and qualifications for both information security positions and relevant IT positions
– Upper management should learn more about information security budgetary and personnel needs
– The IT and general management communities of interest must grant the information security function (and CISO) an appropriate level of influence and prestige

Qualifications and Requirements
When hiring InfoSec staff at all levels, organizations frequently look for individuals who:
– Understand how organizations are structured and operated
– Recognize that InfoSec is a management task that cannot be handled with technology alone
– Work well with people in general, including users, and communicate effectively using both strong written and verbal communication skills
– Acknowledge the role of policy in guiding security efforts
– Understand the essential role of information security education and training, which helps make users part of the solution, rather than part of the problem

Qualifications and Requirements
When hiring InfoSec staff at all levels, organizations frequently look for individuals who (continued):
– Perceive the threats facing an organization, understand how these threats can become transformed into attacks, and safeguard the organization from information security attacks
– Understand how technical controls can be applied to solve specific information security problems
– Demonstrate familiarity with the mainstream information technologies, including Disk Operating System (DOS), Windows, Linux, and UNIX operating systems
– Understand IT and InfoSec terminology and concepts

Information Security Positions
Information security positions can be classified into one of three areas: those that define, those that build, and those that administer.
– Definers provide the policies, guidelines, and standards. They are the people who do the consulting and the risk assessment and who develop the product and technical architectures: senior people with broad knowledge, but not a lot of depth.
– Builders are the real techies, who create and install security solutions.
– Administrators are the people who operate and administer the security tools and the security monitoring function, and the people who continuously improve the processes. This is where all the day-to-day, hard work is done.

Possible Information Security Positions & Reporting Relationships

Chief Information Security Officer (CISO)
The CISO is typically considered the top information security officer in the organization, although the CISO is usually not an executive-level position and frequently reports to the CIO, unless the organization employs a CSO.
Although these individuals are business managers first and technologists second, they must be conversant in all areas of information security, including technology, planning, and policy.

CISO: Qualifications and Position Requirements
The most common qualifications for the CISO include the Certified Information Systems Security Professional (CISSP) and the Certified Information Security Manager (CISM).
A graduate degree in business, technology, criminal justice, or another related field is usually required as well.
A candidate for this position should have experience in security management, as well as in planning, policy, and budgets.

CISO: Qualifications and Position Requirements
In addition to taking on these roles and responsibilities, CISOs should practice the following key principles to shape their career:
– Practice business engagement: build professional relationships with key stakeholders in the organization
– Focus initiatives on what is learned: knowledge gained becomes a tool in developing and prioritizing efforts for the InfoSec department
– Align, target, and time initiatives: convey resource availability and constraints to the organization to maintain support and confidence
– Deliver services: maintain a professional “sales and service” perspective to enhance the organization’s opinion of the InfoSec department’s value
– Establish and maintain credibility: promote the value of the InfoSec department, its skill, expertise, and quality of efforts
– Manage relationships: understand the decision makers in the organization and cultivate professional relationships with them

Security Manager
A security manager is accountable for the day-to-day operation of all or part of the InfoSec program.
They accomplish objectives identified by the CISO and resolve issues identified by the technicians.
Security managers are often assigned specific managerial duties by the CISO, including policy development, risk assessment, contingency planning, and operational and tactical planning for the security function.
Management of technology requires an understanding of the technology that is administered, but not necessarily proficiency in its configuration, operation, or fault resolution.

Security Manager: Qualifications and Position Requirements
It is not uncommon for a security manager to have a CISSP or CISM.
These individuals must have experience in traditional business activities, including budgeting, project management, personnel management, and hiring and firing.
They must be able to draft middle- and lower-level policies, as well as standards and guidelines.
Several types of information security managers exist, and the people who fill these roles tend to be much more specialized than CISOs.

Security Technician
A security technician is a technically qualified individual who may configure firewalls and IDPSs (intrusion detection and prevention systems), implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that security technology is properly implemented.
The role of security technician is a typical information security entry-level position, albeit a technical one.
Like network technicians, security technicians tend to be specialized, focusing on one major security technology group and then further specializing in a particular software or hardware package within the group.

Security Technician: Qualifications and Position Requirements
The technical qualifications and position requirements for a security technician vary.
Organizations typically prefer expert, certified, proficient technicians.
Job requirements usually include some level of experience with a particular hardware and software package.
Sometimes familiarity with a particular technology is enough to secure an applicant an interview; however, experience using the technology is usually required.