Manage Learn to apply best practices and optimize your operations.

Infosec manager qualifications

My company is in serious need of an Infosec and Infosed manager. I believe I could fill the position, but what would help me to do so?

I am the network administrator for the company currently, which gives me an advantage of understanding the digital side. I also have a background in the military that gives me a "real" everyday understanding of infosec. This also gives me an advantage and the experience.

There are two distinct skill sets required for each position: one for the management opening and one for the technical/administrative opening.

Generally, the security manager should have a wide security experiential range over many different security areas; managing and implementing data security controls; an in-depth knowledge/understanding of Internal, national and local legislation affecting information security; the ability to develop business plans, develop and implement policies, architecture and strategies; an understanding of the political environment and work within its confines; and the ability to manage people and projects.

The security administrator would be responsible for the daily administration of user IDs, system controls, etc., and work primarily with the user community.

There are several issues not indicated by your question. Are these start-up positions within an established organization? What would the mission of your department be? You would need to define the department's goals and objectives. How are your company's information assets protected now? Who performs the function currently? It sounds as though there is definite fragmentation and decentralization of security within your organization. Have there been any internal or external audits performed to assist you in this? When audit findings identify security deficiencies, there is an opportunity.

Your biggest challenge is to convince your management that a dedicated security function is, indeed, necessary and to have them buy into that function. A selling point to management will probably be illustration that the function is necessary for due diligence and to meet their fiduciary/legal obligations. Depending upon what your industry is, there may also be PDD 63 Compliance and EU Directive issues.

This was last published in November 2001

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.