Book Excerpt

Ability to resolve conflicts between security and business objectives

The information security manager must be able to clearly see the pros and cons of certain courses of action, and be able to choose and negotiate a compromise which best serves the organization in the long run. Information security is always a compromise because the only absolutely secure information system is an unusable one. The successful manager must have a flexible personality and be comfortable making compromises. He or she must also know about the management tools that can be used to arrive at decisions of this nature (net present value, internal rate of return, payback, Monte Carlo simulation, automated testing tools, etc.). In addition to being familiar with information security technology, the successful manager must also have business skills, business knowledge and a business aptitude. The manager must be able to withstand pressure from various groups with competing objectives and be willing to take a stand for a course of action that is in the long-run best interests of the organization. The manager should not be overly concerned about being popular and well-liked; a manager concerned about popularity will soon be fired for getting nothing done. The manager must appreciate that, in an organization of significant size, information security takes years of dedicated work before it really starts to become part of the corporate culture.


  Excellent communication skills
  Good relationship management skills
  Ability to manage many important projects simultaneously
  Ability to resolve conflicts between security and business objectives
  Ability to see the big picture
  Basic familiarity with information security technology
  Real world hands-on experience
  Commitment to staying on top of the technology
  Honesty and high-integrity character
  Familiarity with information security management
  Tolerance for ambiguity and uncertainty
  Demonstrated good judgement
  Ability to work independently
  A certain amount of polish

Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield

Download Appendix B, Personal Qualifications

This was first published in September 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: