Demonstrated good judgement

An information security manager will be called upon to make many judgments that conceivably could have a profound impact on the future of your organization. For example, if the manager makes a bad call on an architecture decision, your organization could be widely discussed on the front page of the newspapers. This could cause the organization's reputation to suffer in a very big way. On another note, if the manager is a former hacker, this background is not convincing evidence of good judgment. It is one thing to know about system penetration tools and techniques, and it is a very different thing to actually use this information to break into a system without the involved organization's formal written consent. A successful information security manager should have a good track record of decision-making in a variety of situations, including those where both management pressure and a quick response were important factors.


  Excellent communication skills
  Good relationship management skills
  Ability to manage many important projects simultaneously
  Ability to resolve conflicts between security and business objectives
  Ability to see the big picture
  Basic familiarity with information security technology
  Real world hands-on experience
  Commitment to staying on top of the technology
  Honesty and high-integrity character
  Familiarity with information security management
  Tolerance for ambiguity and uncertainty
  Demonstrated good judgement
  Ability to work independently
  A certain amount of polish

Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield

Download Appendix B, Personal Qualifications
This was last published in September 2005

Dig Deeper on Information security certifications, training and jobs