Nowadays, the lack of personnel in charge of coordinating, planning and promoting activities related to information security creates a situation that is reflected in the growth of security problems within organizations, such as intrusions, theft of information and virus problems, among others, better known as incidents. This, combined with not knowing the necessary and sufficient knowledge, training and skills, as well as the responsibilities and duties, of the figure in charge of security in the institution, makes it difficult to select the right person to oversee computer security within institutions.
The purpose of this essay is to present, identify and review the skills and qualities of a figure called the Security Manager: someone who can handle a security problem and is in control of any security issue, as well as planning, controlling and following up on all the security structures with the purpose of minimizing security occurrences.
Keywords: Data, Information, Security, leadership, methodologies.
Nowadays, there are multiple risks associated with the lack of data security controls in equipment, information systems and communications. Threats in Information and Communication Technologies extend across many critical levels depending on the orientation and scope of their use. The increase in industrial espionage, information theft, interruption of services and critical failures in infrastructure and central information systems is a great concern for large, medium and small organizations.
Information systems are subject to many different threats, which can originate within the organization itself or, most of the time, from an external source. According to Romanosky (2016), there are many types of security crimes, and the best way to control and track them is to organize these threats into the following categories:
- Data breach: Unintentional disclosure of personal data.
- Security incident: Alteration of the systems or networks within the organization.
- Privacy violation: Retrieval, sharing or use of personal data without prior authorization.
- Phishing/Skimming: A person committing particular electronic crimes against other individuals.
Romanosky (2016) found that data breaches are the most frequent security issue compared with other cyber events. It is possible to significantly reduce the level of risk, and with it the materialization of threats and their impact, without making large investments or having a large staff structure, simply by having the right leader to guide the existing staff. Throughout this research we distinguish, review and identify the skills and qualifications of a member of the organization called the Security Manager.
The main purpose of this paper is to define, review and describe the roles of the entity in charge of establishing the most appropriate way to manage all security aspects through the combination of information technology and human resources, supported by upper management measures that guarantee the achievement of the necessary security level based on the organization's goals.
Understanding the Information Technology environment
The Information Technology industry has evolved so much in recent times that the simple words “Information Technology” now encompass fields as different and complex as software development, ERP implementation, network infrastructure, web site improvement, or a combined integration project that includes software, hardware, networks and services. Each field has its own peculiarities and complexities, and requires very different kinds of knowledge (implementing Data Warehouse security is not the same as implementing Web data security, even though the two can be complementary).
An information system uses information as raw material, which it stores, processes and transforms to obtain information as a final result. This is supplied to the different users and upper management of the system. There is also a feedback process, in which it is necessary to assess whether the information obtained matches what was expected (see Appendix, Figure 1. Information system of organizations).
There is often a lot of confusion, because many people think that an information system is just the computer and the software installed on it. An organization can acquire new computers, install new telecommunications products, develop a web page or run an electronic commerce system, but this does not mean that it has an information system. An information system is more than hardware and software: we have to take into account not only these tools, but also how to organize them and obtain the information needed for the correct operation of the company.
The person responsible for managing and administering information systems security must know both the information technologies that the company uses and how to organize and protect them. To do this, they will have to know the strategy of the organization and the type of organization, in order to then establish the information needs and acquire the tools necessary for the security of the information system.
Information security leader
Whitman & Mattord (2014) stated that security managers are responsible for the daily information security operation. They are usually professionals with extensive experience in security and protection organizations, which gives them sufficient background to implement protocols, best practices and tools that secure the most valuable information of the company. They usually do so under the umbrella of the CIO and with the support of external consultants or advisors who have more resources and an economy of scale that allows greater protection with a more or less adjusted budget. Understanding and applying what are called “good practices” is not enough by itself to effectively manage an area that is in charge of the information security of an organization.
So far, the requirements and qualities of the security manager are the same as for managers in any type of industry. However, because IT security is the most prominent industry in terms of innovation and complexity, it requires the leader to have certain technical knowledge and to use other tools and even processes in order to implement the organization's security effectively. The need to be up to date with technological changes, the fact that the leader works with teams of professionals often called self-managed teams, the complexity of the projects, the demands of “time to market” and the appearance of so-called “Agile methodologies” are the aspects that most distinguish this role from other leaders.
The security manager needs a mixture of skills: a strong capacity for communication, vision, interpersonal skills, motivation, management methodology, and a strong capacity for analysis and problem solving. In summary, the competences can be grouped into:
People Skills: this ability is one of the most basic and important for a leader: the ability to communicate with others, including the work group, the stakeholders and their own boss. Here the skills of natural leadership, persuasion, active listening, negotiation, assertiveness, emotional intelligence, empathy and motivation play a fundamental role in success.
The leader who works in data security has a very particular working group in terms of its needs, knowledge and behaviors. These are usually experienced professionals, and it is very common to work with “high performance” teams where the role of the leader should be more that of a facilitator than a manager, helping people obtain the necessary resources and removing obstacles or problems when they arise. In adaptive or agile methodologies, this aspect is given great importance.
Another important skill is leading virtual groups, which is now common in practice, as in the well-known 24-hour or “follow the sun” projects. The dispersion of companies around the world makes communication difficult, all the more so if an agile methodology has been chosen, where face-to-face communication is essential. In this case it will be necessary to implement special strategies for handling such teams, since we are not in direct contact with everyone, nor can we control them 24 hours a day. Time management must be stronger, remote control techniques will have to be applied, and communications and technologies become a vital factor. Web 2.0 is a “must” in these cases, along with the use of many tools and techniques for better control and follow-up of the teams.
Methodology and Processes: a security manager should follow a methodology and formal processes for the implementation of a security framework. They must apply knowledge acquired from other sources and complementary specialized IT literature, such as the SWEBOK®, software development and testing processes, know about quality standards (ISO, COBIT, ITIL, etc.) and any other specific methodology related to the data security field.
Technological Knowledge: Knowledge of the technology environment that the leader will manage, both software and hardware, provides an additional advantage. For example, a short web development project would require strong technological knowledge, given that there is not enough time to acquire it on the fly. In other cases, especially longer projects, knowledge of the business would be a little more important than technological knowledge. The leader does not need to be a technological expert (for this he will have the right personnel), but he should have enough experience to be able to hold a dialogue with his team and handle basic concepts of hardware, software, networks and telecommunications. It is always important and useful to know about what we are going to manage and to be aware of the latest technological advances.
Information security constitutes one of the key strategic aspects of the good running of the company. For this reason, everyone in the organization must be aware of it, including senior management, which must take it into account during the company's strategic planning process, as well as the different users in the company. There must be an information security policy within the company.
Top management must demonstrate leadership and commitment with respect to the Information Security Management System:
• Ensuring that the information security policy and information security objectives are established, and that these are compatible with the strategic direction of the company
• Ensuring the integration of the requirements of the Information Security Management System in the company’s processes
• Ensuring that the necessary resources are available to secure
• Combining the importance of effective information security management and compliance with the requirements of the Information Security Management System
• Ensuring that the Information Security Management System achieves the expected results
• Directing and supporting people to contribute to the efficiency of the Information Security Management System
• Promoting continuous improvement
• Supporting other relevant management roles to demonstrate leadership as applied to their areas of responsibility
- Romanosky, Sasha (2016). Examining the costs and causes of cyber incidents. Journal of Cybersecurity, Volume 2, Issue 2, Pages 121–135. Retrieved from https://doi.org/10.1093/cybsec/tyw001
- Catota, Frankie E., Morgan, M. Granger, Sicker, Douglas C. (2016). Cybersecurity incident response capabilities in the Ecuadorian financial sector. Journal of Cybersecurity, tyy002. Retrieved from https://doi.org/10.1093/cybsec/tyy002
- Kwon, Juhee, Johnson, M. Eric (2013). Security practices and regulatory compliance in the healthcare industry. Journal of the American Medical Informatics Association, Volume 20, Issue 1, Pages 44–51. Retrieved from https://doi.org/10.1136/amiajnl-2012-000906
- Whitman & Mattord (2014). Principles of information security, 5th Edition, Page 479.
Figure 1. Information system of organizations