Security Management Strategies for the CIORequires Free Membership to View
Given that the job of security officer is more technical and doesn't involve as much old-line management responsibility (people management or assuming financial responsibility for some revenue-producing or consuming part of a business) I think you're best off sticking more to the technical side of your new planned job role. That said, one of the most important aspects of a security officer's job is to perform a risk assessment that relates to possible threats to company systems, information, people and assets, and to help formulate proposed responses to such threats where warranted. This requires a deep understanding of the value of information and other organizational assets and a sense of the trade-offs necessary to decide how much it's worth spending to protect and/or preserve such assets. Of course, this requires taking a hard-nosed, hard-boiled and value-oriented look at your company and setting limits on how much you could or should spend to protect them. Obviously, this does require some business acumen. But you'll be pleased to hear that by preparing for Security+ and CISSP, you should get exposure to the concepts and tools you'll need to do this kind of work.
Thus, a good class or boot camp on CISSP should help you get ready to handle this part of your job. There are plenty of good books on this part of the field as well. One of my favorites is by fellow SearchSecurity.com site expert Mandy Andress and is entitled "Surviving Security" (Sams, 2001, ISBN: 0672321297; List Price: $15).
For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: Does your CSO need to be a techie?
IT Career Expert: Security invades upper-level management
News & Analysis: University CSO provides education, security in nonprofit environment
This was first published in December 2002
Join the conversationComment
Share
Comments
Results
Contribute to the conversation