Ability to resolve conflicts between security and business objectives

The information security manager must be able to clearly see the pros and cons of certain courses of action, and be able to choose and negotiate a compromise which best serves the organization in the long run. Information security is always a compromise because the only absolutely secure information system is an unusable one. The successful manager must have a flexible personality and be comfortable making compromises. He or she must also know about the management tools that can be used to arrive at decisions of this nature (net present value, internal rate of return, payback, Monte Carlo simulation, automated testing tools, etc.). In addition to being familiar with information security technology, the successful manager must also have business skills, business knowledge and a business aptitude. The manager must be able to withstand pressure from various groups with competing objectives and be willing to take a stand for a course of action that is in the long-run best interests of the organization. The manager should not be overly concerned about being popular and well-liked; a manager concerned about popularity will soon be fired for getting nothing done. The manager must appreciate that, in an organization of significant size, information security takes years of dedicated work before it really starts to become part of the corporate culture.


  Excellent communication skills
  Good relationship management skills
  Ability to manage many important projects simultaneously
  Ability to resolve conflicts between security and business objectives
  Ability to see the big picture
  Basic familiarity with information security technology
  Real world hands-on experience
  Commitment to staying on top of the technology
  Honesty and high-integrity character
  Familiarity with information security management
  Tolerance for ambiguity and uncertainty
  Demonstrated good judgement
  Ability to work independently
  A certain amount of polish

Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield

Download Appendix B, Personal Qualifications
This was last published in September 2005

Dig Deeper on Information security policies, procedures and guidelines