Commitment to staying on top of the technology |
 |
| 08 Sep 2005 | Information Shield |
|
|
The information security manager must furthermore
keep abreast of recent developments in the information
security field. Attending a conference or two each year
will generally not constitute sufficient effort. The
manager must read technical magazines, subscribe to
online news services, and if he or she is located near a
major city, attend an occasional professional society
meeting as well. A familiarity with the latest developments
is essential if the manager is going to be able to
recommend appropriate responses to recently discovered
vulnerabilities. A familiarity with the latest
developments is also essential if the manager is going to
be grounded in the information security related
standard of due care (this will be an essential reference
point for discussions about adjustments to information
security controls). If the manager doesn't possess this
current knowledge and if the manager hasn't applied
this knowledge, the organization runs a high risk that it
will learn about its vulnerabilities only when it's victimized.
If the manager doesn't possess and apply this
knowledge, it's likely the organization will be using
information security solutions that are unnecessarily
costly, burdensome and/or antiquated. If the manager
doesn't possess this knowledge, he or she is not going to
effectively present proposals for change to top management.
The risk of having a manager who is not in touch with the latest developments is greater in large organizations
where such an individual may be able to hide
because others do the technical work; in a small organization
it is unthinkable that the information security
manager would not also be able to do extensive
hands-on work such as install and fine tune a firewall.
INFORMATION SECURITY MANAGER QUALIFICATIONS
 Introduction
Excellent communication skills
Good relationship management skills
Ability to manage many important projects simultaneously
Ability to resolve conflicts between security and business objectives
Ability to see the big picture
Basic familiarity with information security technology
Real world hands-on experience
Commitment to staying on top of the technology
Honesty and high-integrity character
Familiarity with information security management
Tolerance for ambiguity and uncertainty
Demonstrated good judgement
Ability to work independently
A certain amount of polish
|
Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield
Download Appendix B, Personal Qualifications
|
|
|
|
|
|
