|
Given that the job of security officer is more technical and doesn't
involve as much old-line management responsibility (people management or
assuming financial responsibility for some revenue-producing or consuming
part of a business) I think you're best off sticking more to the technical
side of your new planned job role. That said, one of the most important
aspects
of a security officer's job is to perform a risk assessment that relates to
possible threats to company systems, information, people and assets, and to
help formulate proposed responses to such threats where warranted. This
requires a deep understanding of the value of information and other
organizational assets and a sense of the trade-offs necessary to decide how
much it's worth spending to protect and/or preserve such assets. Of course,
this requires taking a hard-nosed, hard-boiled and value-oriented look at
your company and setting limits on how much you could or should spend to
protect them. Obviously, this does require some business acumen. But you'll
be pleased to hear that by preparing for Security+ and CISSP, you should get
exposure to the concepts and tools you'll need to do this kind of work.
Thus, a good class or boot camp on CISSP should help you get ready to
handle
this part of your job. There are plenty of good books on this part of the
field as well. One of my favorites is by fellow SearchSecurity.com site
expert Mandy Andress and is entitled "Surviving Security" (Sams, 2001, ISBN:
0672321297; List Price: $15).
For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: Does your CSO need to be a techie?
IT Career Expert: Security invades upper-level management
News & Analysis: University CSO provides education, security in nonprofit environment
|
