Book Excerpt

Commitment to staying on top of the technology

The information security manager must furthermore keep abreast of recent developments in the information security field. Attending a conference or two each year will generally not constitute sufficient effort. The manager must read technical magazines, subscribe to online news services, and if he or she is located near a major city, attend an occasional professional society meeting as well. A familiarity with the latest developments is essential if the manager is going to be able to recommend appropriate responses to recently discovered vulnerabilities. A familiarity with the latest developments is also essential if the manager is going to be grounded in the information security related standard of due care (this will be an essential reference point for discussions about adjustments to information security controls). If the manager doesn't possess this current knowledge and if the manager hasn't applied this knowledge, the organization runs a high risk that it will learn about its vulnerabilities only when it's victimized. If the manager doesn't possess and apply this knowledge, it's likely the organization will be using information security solutions that are unnecessarily costly, burdensome and/or antiquated. If the manager doesn't possess this knowledge, he or she is not going to effectively present proposals for change to top management. The risk of having a manager who is not in touch with the latest developments is greater in large organizations where such an individual may be able to hide because others do the technical work; in a small organization it is unthinkable that the information security manager would not also be able to do extensive hands-on work such as install and fine tune a firewall.

INFORMATION SECURITY MANAGER QUALIFICATIONS

  Introduction
  Excellent communication skills
  Good relationship management skills
  Ability to manage many important projects simultaneously
  Ability to resolve conflicts between security and business objectives
  Ability to see the big picture
  Basic familiarity with information security technology
  Real world hands-on experience
  Commitment to staying on top of the technology
  Honesty and high-integrity character
  Familiarity with information security management
  Tolerance for ambiguity and uncertainty
  Demonstrated good judgement
  Ability to work independently
  A certain amount of polish

Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield

Download Appendix B, Personal Qualifications

This was first published in September 2005

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top