Ability to see the big picture

The information security manager must not be easily distracted by the fire fighting that inevitably comes with the job. Taking care of virus problems is certainly important, but this day-to-day work must not crowd out important but not urgent long-run projects such as compiling a network security architecture. The manager must be able to prioritize resources in a way that satisfies the organization's urgently pressing needs, but at the same time move the organization in the direction of implementing generally accepted information security solutions. The manager must also be able to synthesize information from many different sources to come up with a plan for improving information security that is truly responsive to the organization's business needs. A manager with a narrow technical focus will impede information security progress, because it is only through a broad view of information security that innovative solutions can be conceived. Furthermore, the manager must be able to read between the lines, identifying the true underlying causes of problems that the organization faces. The manager must additionally have the guts to tell the truth about these underlying causes.


  Excellent communication skills
  Good relationship management skills
  Ability to manage many important projects simultaneously
  Ability to resolve conflicts between security and business objectives
  Ability to see the big picture
  Basic familiarity with information security technology
  Real world hands-on experience
  Commitment to staying on top of the technology
  Honesty and high-integrity character
  Familiarity with information security management
  Tolerance for ambiguity and uncertainty
  Demonstrated good judgement
  Ability to work independently
  A certain amount of polish

Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield

Download Appendix B, Personal Qualifications
This was last published in September 2005

Dig Deeper on Information security certifications, training and jobs