Page 16 - CISSO_Prep_ Guide
CHAPTER 1: INTRODUCTION TO SECURITY MANAGEMENT
Information security management is a relatively new field of specialization. Only in the past few years has it emerged as a core business requirement and demanded the development of a core team of professionals. These professionals must have the skills and expertise needed to protect the information assets of the organization and must know how to manage information in a reliable, stable, and acceptable manner. The information security manager must be able to merge technology with business and balance risk against control and productivity. However, a manager cannot manage something they do not understand, nor find ways to integrate security into the processes of the organization, without that understanding. What if they do not have a thorough understanding of what risk is? What if they cannot answer questions such as what the business is, what its priorities and strategy are, what the technology is, and how to understand and work with staff and customers? The information security manager must be part diplomat, part enforcer, part manager, and part user. The security manager must be able to build a bridge between different parts of the organization and forge the links between technology and business units that will provide security across the enterprise and throughout the organization.
The first challenge faced by an information security manager is to ensure that a common language is used to define security: why it is crucial, and why security is an issue that every person in the organization is actually responsible for.
Yes, everyone is guilty, some more than others, but the first step towards building the culture and the environment that creates