Honesty and high-integrity character

08 Sep 2005 | Information Shield

The information security manager needs to have a
squeaky-clean criminal record as well as an
open-minded and questioning personality that
inspires trust. Some scrupulous organizations go
further with additional background checking, for
example requiring the information security manager to
have a clean credit report. All this makes sense because
the information security manager must be a paragon of
virtue and honesty, in addition to being an exemplary
employee. Above all, this individual must not be a
former hacker because this will often cause others within
the organization to be untrusting and uncooperative. In
the eyes of many, being a hacker is equivalent to being a
malicious and irresponsible person who is out to get
them. While hackers are often on top of the latest
information security vulnerabilities, they frequently lack
extensive experience in the business world, and they
frequently lack the diplomacy and people skills
necessary to do a good job as an information security
manager. People with exemplary characters who are
also on top of the latest developments in the
information security field are available, but you may
need to pay them well. Just as a well-managed organization
would generally not hire an office employee who
had previous convictions for violent behavior, so an
organization should not hire a "former" hacker who has
run afoul of the law. Even if the candidate for an
information security manager position has no criminal
convictions, any candidate who boasts about being a
former hacker should be avoided like the plague. If a
newly-hired information security manager were to send
confidential internal information to his or her friends in
the hacker community, the hiring organization could
soon find itself overrun by unwelcome visitors who are
using its networks and systems for illegal activities. If
you are still intent on hiring a former hacker, think long
and hard about the reputation risk that goes along with
such a move. Is your firm really prepared for the
negative publicity and the loss of customer confidence
that go along with hiring someone who has
demonstrated that they have a different set of ethics than
most of the others who work at the organization?

INFORMATION SECURITY MANAGER QUALIFICATIONS

Introduction
Excellent communication skills
Good relationship management skills
Ability to manage many important projects simultaneously
Ability to resolve conflicts between security and business objectives
Ability to see the big picture
Basic familiarity with information security technology
Real world hands-on experience
Commitment to staying on top of the technology
Honesty and high-integrity character
Familiarity with information security management
Tolerance for ambiguity and uncertainty
Demonstrated good judgement
Ability to work independently
A certain amount of polish
Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield
Download Appendix B, Personal Qualifications